Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
File Path: C:\eclipse-addons\jdk\jdk32-1.8.0_25\jre\..\lib\tools.jar
MD5: 3ED09BC7A9298C63C99324E4028CDC0D
SHA1: F66C3CB9DEBECD5B3BC214D5617684441C16C6AC
Description:
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
File Path: C:\Users\Jeremy\.m2\repository\antlr\antlr\2.7.7\antlr-2.7.7.jar
MD5: F8F1352C52A4C6A500B597596501FC64
SHA1: 83CD2CD674A217ADE95A4BB83A8A14F351F48BD0
Description: AOP Alliance
File Path: C:\Users\Jeremy\.m2\repository\aopalliance\aopalliance\1.0\aopalliance-1.0.jar
MD5: 04177054E180D09E3998808EFA0401C7
SHA1: 0235BA8B489512805AC13A8F9EA77A1CA5EBE3E8
File Path: C:\Users\Jeremy\.m2\repository\asm\asm\3.3.1\asm-3.3.1.jar
MD5: 1AD1E8959324B0F680B8E62406955642
SHA1: 1D5F20B4EA675E6FAB6AB79F1CD60EC268DDC015
Description: Dawid Kurzyniec's backport of JSR 166
File Path: C:\Users\Jeremy\.m2\repository\backport-util-concurrent\backport-util-concurrent\3.1\backport-util-concurrent-3.1.jar
MD5: 748BB0CBF4780B2E3121DC9C12E10CD9
SHA1: 682F7AC17FED79E92F8E87D8455192B63376347B
Description: Ganymed SSH2 for Java is a library which implements the SSH-2 protocol in pure Java
File Path: C:\Users\Jeremy\.m2\repository\ch\ethz\ganymed\ganymed-ssh2\build210\ganymed-ssh2-build210.jar
MD5: D898FE406A32B5C55283C719CB48328B
SHA1: B2F81C85A7A2A1B43727D2582710AF85C979050B
File Path: C:\Users\Jeremy\.m2\repository\classworlds\classworlds\1.1\classworlds-1.1.jar
MD5: C20629BAA65F1F2948B37AA393B0310B
SHA1: 60C708F55DEEB7C5DFCE8A7886EF09CBC1388ECA
Description: A Java framework to parse command line options with annotations.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\beust\jcommander\1.35\jcommander-1.35.jar
Description: Core annotations used for value types, used by Jackson data binding package.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\fasterxml\jackson\core\jackson-annotations\2.4.2\jackson-annotations-2.4.2.jar
Description: Core Jackson abstractions, basic JSON streaming API implementation
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\fasterxml\jackson\core\jackson-core\2.4.2\jackson-core-2.4.2.jar
Description: General data-binding functionality for Jackson: works on core streaming API
File Path: C:\Users\Jeremy\.m2\repository\com\fasterxml\jackson\core\jackson-databind\2.2.3\jackson-databind-2.2.3.jar
MD5: 6E8D8B13D5D4200B782516D2CD6C9469
SHA1: 03AE380888029DAEFB91D3ECDCA3A37D8CB92BC9
Description: Core library for GitHub Maven plugins
File Path: C:\Users\Jeremy\.m2\repository\com\github\github\github-maven-core\0.11\github-maven-core-0.11.jar
MD5: FCCCA694303431E814C2AC000FCB2122
SHA1: 886B3D35E3C6951E8DE699FD55CF9AB96E7378BE
Description: Maven plugin that commits files to a branch in a GitHub repository
File Path: C:\Users\Jeremy\.m2\repository\com\github\github\site-maven-plugin\0.11\site-maven-plugin-0.11.jar
MD5: 4F79BFDEB9033424D5DF61BEFB5E27E4
SHA1: B44D0F323A653543CE35853C456421FD178ED68E
Description: Annotation supports the FindBugs tool
License:
GNU Lesser Public License: http://www.gnu.org/licenses/lgpl.htmlFile Path: C:\Users\Jeremy\.m2\repository\com\google\code\findbugs\annotations\3.0.0\annotations-3.0.0.jar
Description: Apache Commons Bytecode Engineering Library
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\google\code\findbugs\bcel-findbugs\6.0\bcel-findbugs-6.0.jar
Description: Findbugs: Because it's easy!
License:
GNU Lesser Public License: http://www.gnu.org/licenses/lgpl.htmlFile Path: C:\Users\Jeremy\.m2\repository\com\google\code\findbugs\findbugs\3.0.0\findbugs-3.0.0.jar
Description: jFormatString for Findbugs
License:
GNU Lesser Public License: http://www.gnu.org/licenses/lgpl.htmlFile Path: C:\Users\Jeremy\.m2\repository\com\google\code\findbugs\jFormatString\3.0.0\jFormatString-3.0.0.jar
Description: JSR305 Annotations for Findbugs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\google\code\findbugs\jsr305\2.0.3\jsr305-2.0.3.jar
Description: Google Gson library
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\google\code\gson\gson\2.2.2\gson-2.2.2.jar
Description: This provider use a non ASL license compatible library (svnkit http://svnkit.com/).
License:
ASF: http://www.apache.org/licenses/LICENSE-2.0File Path: C:\Users\Jeremy\.m2\repository\com\google\code\maven-scm-provider-svnjava\maven-scm-provider-svnjava\1.13\maven-scm-provider-svnjava-1.13.jar
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\google\guava\guava-jdk5\14.0.1\guava-jdk5-14.0.1.jar
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has two code dependencies - javax.annotation
per the JSR-305 spec and javax.inject per the JSR-330 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\google\guava\guava\15.0\guava-15.0.jar
Description: HtmlCompressor is a small, fast and very easy to use Java library that minifies given HTML or XML source by removing extra whitespaces, comments and other unneeded characters without breaking the content structure. As a result pages become smaller in size and load faster. A command-line version of the compressor is also available.
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0File Path: C:\Users\Jeremy\.m2\repository\com\googlecode\htmlcompressor\htmlcompressor\1.5.2\htmlcompressor-1.5.2.jar
Description: The bit array data structure is implemented in Java as the BitSet class. Unfortunately, this fails to scale without compression.
JavaEWAH is a word-aligned compressed variant of the Java bitset class. It uses a 64-bit run-length encoding (RLE) compression scheme.
The goal of word-aligned compression is not to achieve the best compression, but rather to improve query processing time. Hence, we try to save CPU cycles, maybe at the expense of storage. However, the EWAH scheme we implemented is always more efficient storage-wise than an uncompressed bitmap (implemented in Java as the BitSet class). Unlike some alternatives, javaewah does not rely on a patented scheme.
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\googlecode\javaewah\JavaEWAH\0.7.9\JavaEWAH-0.7.9.jar
Description: Plugin for formatting Java source code
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\googlecode\maven-java-formatter-plugin\maven-java-formatter-plugin\0.4\maven-java-formatter-plugin-0.4.jar
Description: Annotations used by IntelliJ IDEA for static code analysis
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0File Path: C:\Users\Jeremy\.m2\repository\com\intellij\annotations\9.0.4\annotations-9.0.4.jar
Description: a proxy to ssh-agent and Pageant in Java
License:
http://www.jcraft.com/jsch-agent-proxy/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\com\jcraft\jsch.agentproxy.connector-factory\0.0.6\jsch.agentproxy.connector-factory-0.0.6.jar
Description: a proxy to ssh-agent and Pageant in Java
License:
http://www.jcraft.com/jsch-agent-proxy/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\com\jcraft\jsch.agentproxy.core\0.0.6\jsch.agentproxy.core-0.0.6.jar
File Path: C:\Users\Jeremy\.m2\repository\com\jcraft\jsch.agentproxy.jsch\0.0.6\jsch.agentproxy.jsch-0.0.6.jar
MD5: F4FBE0730E25CD4C72B93B39508AC8E3
SHA1: AEE40B481AD104A578584335B4859E49D4BE4F7A
Description: a proxy to ssh-agent and Pageant in Java
License:
http://www.jcraft.com/jsch-agent-proxy/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\com\jcraft\jsch.agentproxy.pageant\0.0.6\jsch.agentproxy.pageant-0.0.6.jar
Description: a proxy to ssh-agent and Pageant in Java
License:
http://www.jcraft.com/jsch-agent-proxy/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\com\jcraft\jsch.agentproxy.sshagent\0.0.6\jsch.agentproxy.sshagent-0.0.6.jar
Description: a proxy to ssh-agent and Pageant in Java
License:
http://www.jcraft.com/jsch-agent-proxy/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\com\jcraft\jsch.agentproxy.usocket-jna\0.0.6\jsch.agentproxy.usocket-jna-0.0.6.jar
Description: a proxy to ssh-agent and Pageant in Java
License:
http://www.jcraft.com/jsch-agent-proxy/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\com\jcraft\jsch.agentproxy.usocket-nc\0.0.6\jsch.agentproxy.usocket-nc-0.0.6.jar
Description: JSch is a pure Java implementation of SSH2
License:
Revised BSD: http://www.jcraft.com/jsch/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\com\jcraft\jsch\0.1.50\jsch-0.1.50.jar
Description: MKS Integrity - Java API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\mks\api\mksapi-jar\4.10.9049\mksapi-jar-4.10.9049.jar
Description: Maven 2 plugin to check and update license headers in source files
File Path: C:\Users\Jeremy\.m2\repository\com\mycila\license-maven-plugin\2.7\license-maven-plugin-2.7.jar
MD5: A506BDEDCA898BDE2846847F5B5EC1B9
SHA1: 25BAAE2FBE23A55BA6D1D78E676F9F731835D3EC
Description: Parent POM
License:
http://www.apache.org/licenses/LICENSE-2.0.htmlFile Path: C:\Users\Jeremy\.m2\repository\com\mycila\mycila-xmltool\4.2.ga\mycila-xmltool-4.2.ga.jar
Description: Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.txtFile Path: C:\Users\Jeremy\.m2\repository\com\puppycrawl\tools\checkstyle\5.7\checkstyle-5.7.jar
Description:
QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files
complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\thoughtworks\qdox\qdox\1.12.1\qdox-1.12.1.jar
File Path: C:\Users\Jeremy\.m2\repository\com\thoughtworks\xstream\xstream\1.4.4\xstream-1.4.4.jar
MD5: 4B2A6D156777975A7D15FE53A1C37FE7
SHA1: 488E9E4A47AFC81D2B2DEC3C3EB3A4D0F10FE105
Description: Maven HTMLCompressor Plugin allows to compress html/xml by adding a few lines to the pom file.
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0File Path: C:\Users\Jeremy\.m2\repository\com\tunyk\mvn\plugins\htmlcompressor\htmlcompressor-maven-plugin\1.3\htmlcompressor-maven-plugin-1.3.jar
Description:
The YUI Compressor is a JavaScript compressor which, in addition to removing
comments and white-spaces, obfuscates local variables using the smallest
possible variable name. This obfuscation is safe, even when using constructs
such as 'eval' or 'with' (although the compression is not optimal is those
cases) Compared to jsmin, the average savings is around 20%.
License:
BSD License: http://developer.yahoo.com/yui/license.htmlFile Path: C:\Users\Jeremy\.m2\repository\com\yahoo\platform\yui\yuicompressor\2.4.6\yuicompressor-2.4.6.jar
File Path: C:\Users\Jeremy\.m2\repository\commons-beanutils\commons-beanutils-core\1.8.3\commons-beanutils-core-1.8.3.jar
MD5: 944F66E681239C8353E8497920F1E5D3
SHA1: 75812698E5E859F2CB587C622C4CDFCD61676426
File Path: C:\Users\Jeremy\.m2\repository\commons-beanutils\commons-beanutils\1.7.0\commons-beanutils-1.7.0.jar
MD5: 0F18ACF5FA857F9959675E14D901A7CE
SHA1: 5675FD96B29656504B86029551973D60FB41339B
Description: An implmentation of the GoF Chain of Responsibility pattern
File Path: C:\Users\Jeremy\.m2\repository\commons-chain\commons-chain\1.1\commons-chain-1.1.jar
MD5: D4CE482153073855E7C6453DC3C725CB
SHA1: 3038BD41DCDB2B63B8C6DCC8C15F0FDF3F389012
Description:
Commons CLI provides a simple API for presenting, processing and validating a command line interface.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\commons-cli\commons-cli\1.2\commons-cli-1.2.jar
Description:
The codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\commons-codec\commons-codec\1.6\commons-codec-1.6.jar
Description: Types that extend and augment the Java Collections Framework.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\commons-collections\commons-collections\3.2.1\commons-collections-3.2.1.jar
Description:
The Digester package lets you configure an XML to Java object mapping module
which triggers certain actions called rules whenever a particular
pattern of nested XML elements is recognized.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\commons-digester\commons-digester\2.0\commons-digester-2.0.jar
Description: The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.
File Path: C:\Users\Jeremy\.m2\repository\commons-httpclient\commons-httpclient\3.0\commons-httpclient-3.0.jar
MD5: CD69C70D6C078F4340BD5E867EC6F1B6
SHA1: 336A280D178BB957E5233189F0F32E067366C4E5
Severity:
Medium
CVSS Score: 5.8
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-20 Improper Input Validation
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.8
CWE: CWE-20 Improper Input Validation
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Vulnerable Software & Versions: (show all)
Description:
The Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\commons-io\commons-io\2.2\commons-io-2.2.jar
Description:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\commons-lang\commons-lang\2.6\commons-lang-2.6.jar
Description: Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems.
File Path: C:\Users\Jeremy\.m2\repository\commons-logging\commons-logging\1.1.1\commons-logging-1.1.1.jar
MD5: ED448347FC0104034AA14C8189BF37DE
SHA1: 5043BFEBC3DB072ED80FBD362E7CAF00E885D8AE
Description:
Commons Validator provides the building blocks for both client side validation and server side data validation.
It may be used standalone or with a framework like Struts.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\commons-validator\commons-validator\1.4.0\commons-validator-1.4.0.jar
Description: dom4j: the flexible XML framework for Java
File Path: C:\Users\Jeremy\.m2\repository\dom4j\dom4j\1.6.1\dom4j-1.6.1.jar
MD5: 4D8F51D3FE3900EFC6E395BE48030D6D
SHA1: 5D3CCC056B6F056DBF0DDDFDF43894B9065A8F94
File Path: C:\Users\Jeremy\.m2\repository\jakarta-regexp\jakarta-regexp\1.4\jakarta-regexp-1.4.jar
MD5: 5D8B8C601C21B37AA6142D38F45C0297
SHA1: 0EA514A179AC1DD7E81C7E6594468B9B9910D298
Description: Common Annotations for the JavaTM Platform API
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.htmlFile Path: C:\Users\Jeremy\.m2\repository\javax\annotation\javax.annotation-api\1.2\javax.annotation-api-1.2.jar
Description: JSR-250 Reference Implementation by Glassfish
License:
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.htmlFile Path: C:\Users\Jeremy\.m2\repository\javax\annotation\jsr250-api\1.0\jsr250-api-1.0.jar
Description: APIs for JSR-299: Contexts and Dependency Injection for Java EE
File Path: C:\Users\Jeremy\.m2\repository\javax\enterprise\cdi-api\1.0\cdi-api-1.0.jar
MD5: 462C0959F0322016495F4598243BC0F2
SHA1: 44C453F60909DFC223552ACE63E05C694215156B
Description: The javax.inject API
File Path: C:\Users\Jeremy\.m2\repository\javax\inject\javax.inject\1\javax.inject-1.jar
MD5: 289075E48B909E9E74E6C915B3631D2E
SHA1: 6975DA39A7040257BD51D21A231B76C915872D38
File Path: C:\Users\Jeremy\.m2\repository\javax\servlet\jsp\jsp-api\2.1\jsp-api-2.1.jar
MD5: B8A34113A3A1CE29C8C60D7141F5A704
SHA1: 63F943103F250EF1F3A4D5E94D145A0F961F5316
File Path: C:\Users\Jeremy\.m2\repository\javax\servlet\servlet-api\2.5\servlet-api-2.5.jar
MD5: 69CA51AF4E9A67A1027A7F95B52C3E8F
SHA1: 5959582D97D8B61F4D154CA9E495AAFD16726E34
Description: Jaxen is a universal Java XPath engine.
License:
http://jaxen.codehaus.org/license.htmlFile Path: C:\Users\Jeremy\.m2\repository\jaxen\jaxen\1.1.4\jaxen-1.1.4.jar
File Path: C:\Users\Jeremy\.m2\repository\jdepend\jdepend\2.9.1\jdepend-2.9.1.jar
MD5: 568D2B54187444B81EAB642ABF49C263
SHA1: 3D3089F585C2740A707C2CB99F4BB149A90D63F0
File Path: C:\Users\Jeremy\.m2\repository\jgoodies\plastic\1.2.0\plastic-1.2.0.jar
MD5: 3241FB05A38C4E2841A3DBA1DD5873FF
SHA1: 81E91A58407950B0907EB26F8F74B7563DFF68BC
Description: JLine is a java library for reading and editing user input in console applications. It features tab-completion, command history, password masking, customizable keybindings, and pass-through handlers to use to chain to other console applications.
License:
BSD: LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\jline\jline\0.9.94\jline-0.9.94.jar
File Path: C:\Users\Jeremy\.m2\repository\jline\jline\0.9.94\jline-0.9.94.jar\jline\jline32.dll
MD5: B3D9A08FF70440BA3638A325512F2CD8
SHA1: 67A55D8F8CA4937D784D4334E554770ADC2A1079
File Path: C:\Users\Jeremy\.m2\repository\jline\jline\0.9.94\jline-0.9.94.jar\jline\jline64.dll
MD5: D2F7B0DB1231AAC1846A857F5C0C4F2C
SHA1: E297E4E990CE820E64D41F3F27B9BE90283F3F96
Description: Date and time library to replace JDK date handling
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\joda-time\joda-time\2.0\joda-time-2.0.jar
Description: Log4j
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\log4j\log4j\1.2.14\log4j-1.2.14.jar
Description:
To compress (Minify + Ofuscate) Javascript files and CSS
files (using YUI Compressor from Julien Lecomte) and/or to check
Javascript files with jslint.
License:
Public domain (Unlicense): http://unlicense.org/File Path: C:\Users\Jeremy\.m2\repository\net\alchim31\maven\yuicompressor-maven-plugin\1.5.1\yuicompressor-maven-plugin-1.5.1.jar
Description: JavaCC is a parser/scanner generator for Java.
License:
Berkeley Software Distribution (BSD) License: http://www.opensource.org/licenses/bsd-license.htmlFile Path: C:\Users\Jeremy\.m2\repository\net\java\dev\javacc\javacc\5.0\javacc-5.0.jar
File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\jna\3.2.2\jna-3.2.2.jar
MD5: 48F0E0081B45AED086FAF7678242A4D4
SHA1: D2598C4F68D43DC96B0FFA60E75BAA54845596FE
File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\jna\3.2.2\jna-3.2.2.jar\com\sun\jna\win32-amd64\jnidispatch.dll
MD5: F2607244D71E97C5FC7CBDAD20EDAA8B
SHA1: CE115BD61A7F2D344C38CC87DCD4989D800CF836
File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\jna\3.2.2\jna-3.2.2.jar\com\sun\jna\win32-x86\jnidispatch.dll
MD5: 4ACE9EEB32DE26548956B5E5841E90CB
SHA1: 8404282D31828B8FF7C7C1D536A6E0C66CCFE86C
Description: Java Native Access Platform
License:
LGPL, version 2.1: http://creativecommons.org/licenses/LGPL/2.1/File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\platform\3.4.0\platform-3.4.0.jar
File Path: C:\Users\Jeremy\.m2\repository\net\sourceforge\pmd\pmd-core\5.2.1\pmd-core-5.2.1.jar
MD5: 3A5FA74BF10B6877D7027C02311B43FB
SHA1: 69D6B11B2826F0840A1BDBE6D6C76A3BC3ED513A
File Path: C:\Users\Jeremy\.m2\repository\net\sourceforge\pmd\pmd-java\5.2.1\pmd-java-5.2.1.jar
MD5: 15AC4D3495E5B20704227017B3E76336
SHA1: 9796B6EC52E61D5EA71FE5300B80F5449835AE22
File Path: C:\Users\Jeremy\.m2\repository\net\sourceforge\pmd\pmd-javascript\5.2.1\pmd-javascript-5.2.1.jar
MD5: A1ECD23CD43AEF7B9DF24C59314CCB58
SHA1: EA1BA7AB0247CB0B0B3B90F0C862E3355786628D
File Path: C:\Users\Jeremy\.m2\repository\net\sourceforge\pmd\pmd-jsp\5.2.1\pmd-jsp-5.2.1.jar
MD5: A61193A22C91BEE2B4A6634543910612
SHA1: 2D7D67ABF022D417B409B148BA11035170970547
Description:
Saxon a complete and conformant implementation of the XSLT 2.0, XQuery 1.0, and XPath 2.0 Recommendations published on 23 January 2007 by W3C
License:
Mozilla Public License Version 1.0: http://www.mozilla.org/MPL/MPL-1.0.txtFile Path: C:\Users\Jeremy\.m2\repository\net\sourceforge\saxon\saxon\9.1.0.8\saxon-9.1.0.8.jar
Description: Maven plugin for JAX-WS RI. Fork of http://jax-ws-commons.java.net/jaxws-maven-plugin/
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\net\trajano\mojo\jaxws-maven-plugin\2.3.8\jaxws-maven-plugin-2.3.8.jar
Description: A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.
File Path: C:\Users\Jeremy\.m2\repository\org\antlr\antlr-runtime\3.1.3\antlr-runtime-3.1.3.jar
MD5: DF926FA1721F4B522C0607017CEFC3C8
SHA1: 3154E3DFD5B7466DF8F5151A95BE70584F74F76C
Description: StringTemplate is a java template engine for generating source code,
web pages, emails, or any other formatted text output.
StringTemplate is particularly good at multi-targeted code generators,
multiple site skins, and internationalization/localization.
It evolved over years of effort developing jGuru.com.
StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org
and powers the ANTLR v3 code generator. Its distinguishing characteristic
is that unlike other engines, it strictly enforces model-view separation.
Strict separation makes websites and code generators more flexible
and maintainable; it also provides an excellent defense against malicious
template authors.
There are currently about 600 StringTemplate source downloads a month.
License:
BSD licence: http://antlr.org/license.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\antlr\stringtemplate\3.2\stringtemplate-3.2.jar
File Path: C:\Users\Jeremy\.m2\repository\org\apache\ant\ant-launcher\1.9.4\ant-launcher-1.9.4.jar
MD5: 16D73969811366B9F9678AF1D0F04D05
SHA1: 334B62CB4BE0432769679E8B94E83F8FD5ED395C
File Path: C:\Users\Jeremy\.m2\repository\org\apache\ant\ant\1.9.4\ant-1.9.4.jar
MD5: 53A32FC286A44982C829DE096BECFA3B
SHA1: 6D473E8653D952045F550F4EF225A9591B79094A
File Path: C:\Users\Jeremy\.m2\repository\org\apache\bcel\bcel\5.2\bcel-5.2.jar
MD5: 43D54687362FC2991D61201C453A8286
SHA1: 96B2CEFEB067C08C31225D48E2A689F814BAAE25
Description:
Apache Commons Compress software defines an API for working with compression and archive formats.
These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\apache\commons\commons-compress\1.4.1\commons-compress-1.4.1.jar
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\apache\commons\commons-lang3\3.3.2\commons-lang3-3.3.2.jar
Description:
HttpComponents Client
File Path: C:\Users\Jeremy\.m2\repository\org\apache\httpcomponents\httpclient\4.3.5\httpclient-4.3.5.jar
MD5: CFA682894E9D25D9202A5059E7E86794
SHA1: 9783D89B8EEA20A517A4AFC5F979BD2882B54C44
Description:
HttpComponents Core (blocking I/O)
File Path: C:\Users\Jeremy\.m2\repository\org\apache\httpcomponents\httpcore\4.3.2\httpcore-4.3.2.jar
MD5: EE3D34DCE4A30C7D3002CADF8C9172C1
SHA1: 31FBBFF1DDBF98F3AA7377C94D33B0447C646B6E
Description:
HttpComponents HttpClient - MIME coded entities
File Path: C:\Users\Jeremy\.m2\repository\org\apache\httpcomponents\httpmime\4.3.5\httpmime-4.3.5.jar
MD5: F009D66937722F9C3C217151ADE1F4D6
SHA1: 1DD0D38DF9C6D21E893F2E52403F1CD99E91CD81
Description: WebDAV library used by the Jackrabbit WebDAV support
File Path: C:\Users\Jeremy\.m2\repository\org\apache\jackrabbit\jackrabbit-webdav\1.5.0\jackrabbit-webdav-1.5.0.jar
MD5: 137D4D30C1C78972FEC7628C94F4F4A1
SHA1: B14C7FBBD34862D4D51C5E72BA3A69CDE892C260
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
Vulnerable Software & Versions: (show all)
Description: Doxia core classes and interfaces.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-core\1.6\doxia-core-1.6.jar
MD5: B6DE6F089320D64D2520E61EBDB0202B
SHA1: 61DD1084EC7D093086DB714537439B02C76F0DEB
Description: The Decoration Model handles the site descriptor, also known as site.xml.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-decoration-model\1.1.4\doxia-decoration-model-1.1.4.jar
MD5: FA6724AFD6DE08472445DBEECD641C29
SHA1: 4555B5CDA12B0CB1F00EC6CC61C5DDB07A81449C
Description: A collection of tools to help the integration of Doxia in Maven plugins.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-integration-tools\1.6\doxia-integration-tools-1.6.jar
MD5: 086CED67C455860A867C1DC06CFCDE71
SHA1: AA12128117FACFA64C1AC8B8F70C6CF1DBF8B5CA
Description: Doxia Logging API.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-logging-api\1.6\doxia-logging-api-1.6.jar
MD5: BB28C3379FF121445269D71386214733
SHA1: ACA027F3574EDCD530014361F3D2AF413BA7A593
Description:
A Doxia module for Almost Plain Text source documents.
APT format is supported both as source and target formats.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-module-apt\1.6\doxia-module-apt-1.6.jar
MD5: 64932E04E11F34E090071E127EE7EDAF
SHA1: 9C453C03B3FF320D09227E494EA66CD0EEBB0272
Description:
A Doxia module for FML source documents.
FML format is only supported as source format.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-module-fml\1.6\doxia-module-fml-1.6.jar
MD5: 8EE4F701BEBF5AE903258753DAF007E1
SHA1: 67E3FAA49307E003BA717EB53330AEB02861DE19
Description:
A Doxia module for Markdown source documents.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-module-markdown\1.6\doxia-module-markdown-1.6.jar
MD5: E276AF019966EA3B60ABCC6663A20FDE
SHA1: 427194DCC65FB7AD8E47FE53DE4800B5869278EA
Description:
A Doxia module for Xdoc source documents.
Xdoc format is supported both as source and target formats.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-module-xdoc\1.6\doxia-module-xdoc-1.6.jar
MD5: 0181294953D40024D9DE2099B74E7DE8
SHA1: 68E3919146BCE8519FC3D750E7EF8FB3685FE1E8
Description:
A Doxia module for Xhtml source documents.
Xhtml format is supported both as source and target formats.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-module-xhtml\1.6\doxia-module-xhtml-1.6.jar
MD5: 7A6AC991E2FA35A6D9AF5F75F975FE55
SHA1: 71DC8D1CE4C5FCD976AECB8339E331BA9F46F7E3
Description: Doxia Sink API.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-sink-api\1.1.4\doxia-sink-api-1.1.4.jar
MD5: 013259A0306738F86118C689A66C7AA8
SHA1: 06BDDCC2ADE60DE8867997061E214E72CF4B9B1D
Description: The Site Renderer handles the rendering of sites.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-site-renderer\1.1.4\doxia-site-renderer-1.1.4.jar
MD5: E7388D2CCF4B6A9B0487725A327B5B3B
SHA1: ECA1027EB69745B0041520E3E4A252DD663527B1
Description:
This component provides the generic interfaces needed to implement custom rules for the maven-enforcer-plugin.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\enforcer\enforcer-api\1.3.1\enforcer-api-1.3.1.jar
MD5: 760E584ECA417F55FF0B5083467555E6
SHA1: 5C8B952625F745FC4B374361D78B34C16E16FE29
Description: This component contains the standard Enforcer Rules
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\enforcer\enforcer-rules\1.3.1\enforcer-rules-1.3.1.jar
MD5: C6FB7A72724048489F407684820A184D
SHA1: FF90178941585324B64D3A86182D325A4A017EA1
Description: Provides utility methods for creating JARs and other archive files from a Maven project.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-archiver\2.5\maven-archiver-2.5.jar
MD5: 7495B78E898FB9968487AB47CC1C7E5F
SHA1: C999AE305F22ECFC5A000DCA12A39B9491778BD5
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-artifact-manager\2.2.1\maven-artifact-manager-2.2.1.jar
MD5: F3E76A8A83F422A900886543C48914F7
SHA1: EC355B913C34D37080810F98E3F51ABECBE1572B
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-artifact\2.2.1\maven-artifact-2.2.1.jar
MD5: 7B7613FD5DB72967269ABE7AB50B76E9
SHA1: 23600F790D4DAB2CB965419EAA982E3E84C428F8
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-compat\2.2.1\maven-compat-2.2.1.jar
MD5: 91F082F8A59B1ED84D1026B0C0003140
SHA1: 1CE11FCCD3C94D0D1EE861BD4237B210ACD2C2ED
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-core\2.2.1\maven-core-2.2.1.jar
MD5: 7538CD62A04A378D4C1944E26C793164
SHA1: 6F488E461188496C62E161F32160B3465CE5901E
Description: Provides a manager component which will process a given Throwable instance through a set of diagnostic
sub-components, and return a String message with user-friendly information about the error and possibly
how to fix it.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-error-diagnostics\2.2.1\maven-error-diagnostics-2.2.1.jar
MD5: 8EAA64D20F32C0B0C1BEB9739BBB5FE3
SHA1: E81BB342D7D172F23D108DC8FA979A1FACDCDE8E
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-jxr\2.5\maven-jxr-2.5.jar
MD5: 795C758F5C8A1A8EBE95F5B952D9832B
SHA1: 92DBA1E1C03124397644A55FE97F565C08F32341
Description: Maven Model
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-model\2.2.1\maven-model-2.2.1.jar
MD5: B269F663E3440E40BE4B696D9B7C2260
SHA1: C0A1C17436EC3FF5A56207C031D82277B4250A29
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-monitor\2.2.1\maven-monitor-2.2.1.jar
MD5: 396E401208090417E0F18AD2B1BCCD92
SHA1: AFC57C3A1368CD34CACCB638E00523701F398C20
Description: The API for plugins - Mojos - development.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-plugin-api\3.1.0\maven-plugin-api-3.1.0.jar
MD5: 3A2AF8945D7B2AE38CA33A97F60A9611
SHA1: 8821FD1B81C6B960F7CE39F5DDE612C665146FD8
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-plugin-descriptor\2.2.1\maven-plugin-descriptor-2.2.1.jar
MD5: F28D3A50552A8D2943587638F5F01455
SHA1: 68D20AE3C40C4664DC52BE90338AF796DB7FFB32
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-plugin-parameter-documenter\2.2.1\maven-plugin-parameter-documenter-2.2.1.jar
MD5: 8BA54F6E61F1B07EC7076BD27D3EAA9C
SHA1: 1A117BAAC49437FC5A6FCD9F18F779E6BAD4207E
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-profile\2.2.1\maven-profile-2.2.1.jar
MD5: 53DD14E28AAAD4BD5DD379DFDBF46A4C
SHA1: 3950071587027E5086E9C395574A60650C432738
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-project-builder\3.0-alpha-2\maven-project-builder-3.0-alpha-2.jar
MD5: 3F962398B452901B94A040C5CAC772F6
SHA1: C0549120B6220B1C4AF5A2859BC8196E1C8B6CC0
Description: This library is used to not only read Maven project object model files, but to assemble inheritence
and to retrieve remote models as required.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-project\3.0-alpha-2\maven-project-3.0-alpha-2.jar
MD5: 2E5D64B450EA6CB9EB67E8E0F567C449
SHA1: FD7D64F9E8EC392132C716F07D35416051A7D09A
Description: Per-directory repository metadata.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-repository-metadata\2.2.1\maven-repository-metadata-2.2.1.jar
MD5: C426B243119831168AF2FBD767254F59
SHA1: 98F0C07FCF1EEB213BEF8D9316A9935184084B06
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-settings-builder\3.0\maven-settings-builder-3.0.jar
MD5: 134523C7B38175615B26504E642C960D
SHA1: 08234C1BDF7A9A28C671B0ABF11F8ADAA66440CD
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-settings\2.2.1\maven-settings-2.2.1.jar
MD5: 7C3DCFFD55434A860339DBA78F0C165A
SHA1: 2236FFE71FA5F78CE42B0F5FC22C54ED45F14294
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-toolchain\1.0\maven-toolchain-1.0.jar
MD5: FE52E10C1E277686F0B8492585771D98
SHA1: 1FF4A3F5869F68DFA05562A84E7A5D510D909608
Description: Java 5 annotations to use in Mojos
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugin-tools\maven-plugin-annotations\3.3\maven-plugin-annotations-3.3.jar
MD5: B9617AE0FA56756935298B97C252BFE4
SHA1: 101CB0295BB16C64E85F2B5354B57058E907B061
Description: Runs Ant scripts embedded in the POM
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-antrun-plugin\1.8\maven-antrun-plugin-1.8.jar
MD5: 3A8C5C8A01BFC6A104B7012A968C9BE4
SHA1: 0D02C0AF622AA6A0C86E81C519299E888E0A32A3
Description: A Maven plugin to create archives of your project's sources, classes, dependencies etc. from flexible assembly descriptors.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-assembly-plugin\2.5.3\maven-assembly-plugin-2.5.3.jar
MD5: 910B86CD96763BCDAC6F34883BED9B2B
SHA1: EC5BDF06503FC800864F9C430922317B8AF5F30E
Description: Produce SCM changelog reports.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-changelog-plugin\2.3\maven-changelog-plugin-2.3.jar
MD5: CA7BCA18BB56A20ACD842360B5E858F1
SHA1: 50D90237471F05727D1BC72868CF9EB2AF125C9A
Description: Generates a report on violations of code style and optionally fails the build if violations are detected.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-checkstyle-plugin\2.13\maven-checkstyle-plugin-2.13.jar
MD5: 450E309E9DA0696632F466E394874220
SHA1: 4BAE038CE74FA09FD97C2AD307D56B5C4F5F5CED
Description:
The Maven Clean Plugin is a plugin that removes files generated at build-time in a project's directory.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-clean-plugin\2.6.1\maven-clean-plugin-2.6.1.jar
MD5: 8DCC382DC49B8156A676B1074B4AACFE
SHA1: BFDF7D6C2F8FC8759457E9D54F458BA56AC7B30F
Description: The Compiler Plugin is used to compile the sources of your project.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-compiler-plugin\3.2\maven-compiler-plugin-3.2.jar
MD5: 510837B49CD043A646665784287DFAEC
SHA1: AEC10F274AC07FAFAB8906CB1AA69669D753B2C2
Description: Provides utility goals to work with dependencies like copying, unpacking, analyzing, resolving and many more.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-dependency-plugin\2.9\maven-dependency-plugin-2.9.jar
MD5: D714BC22E5FD63834D8F1029794611BD
SHA1: DE4DCFA8D36D9679F3649F11878C92104568122B
Description: Uploads the project artifacts to the internal remote repository.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-deploy-plugin\2.8.2\maven-deploy-plugin-2.8.2.jar
MD5: C9F211A7DDBAAE0583DDE1408C48138A
SHA1: 3C2D83ECD387E9843142AE92A0439792C1500319
Description: The Loving Iron Fist of Maven
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-enforcer-plugin\1.3.1\maven-enforcer-plugin-1.3.1.jar
MD5: E68F035FD5A03FB7A12B6E05BB8D3A20
SHA1: F44A50B9286588AED05D42A6F2C8C362A53B595F
Description: Signs the project artifacts with GnuPG.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-gpg-plugin\1.6\maven-gpg-plugin-1.6.jar
MD5: E2CD7843F0714F8EEBFF181011817E0D
SHA1: 4EC125296D79F591E412CCC8EBDFCC3A91E2CDD7
Description: Copies the project artifacts to the user's local repository.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-install-plugin\2.5.2\maven-install-plugin-2.5.2.jar
MD5: 5D888555943FB34FFC35EAC586E7747E
SHA1: 8A67631619FC3C1D1F036E59362DDCE71E1E496F
Description: Builds a Java Archive (JAR) file from the compiled project classes and resources.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-jar-plugin\2.5\maven-jar-plugin-2.5.jar
MD5: AD9DA176415F358AE3EE404222EA57A9
SHA1: 344D667F5EC8B90D03D698D096A1147672FC522F
Description:
The Apache Maven Javadoc Plugin is a plugin that uses the javadoc tool for
generating javadocs for the specified project.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-javadoc-plugin\2.10.1\maven-javadoc-plugin-2.10.1.jar
MD5: F57A7D10960AFFB06443851532ECE7C1
SHA1: 5340B83668C2EEE6651E27D7CF9478F44821DC10
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-jxr-plugin\2.5\maven-jxr-plugin-2.5.jar
MD5: 5F5DA32412C41571D8D65FB27BBAD10C
SHA1: 14ACE45746A3E73040EF30CF23C205A0B4E0B092
Description:
A Maven plugin for the PMD toolkit, that produces a report on both code rule violations and detected copy and paste
fragments,
as well as being able to fail the build based on these metrics.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-pmd-plugin\3.3\maven-pmd-plugin-3.3.jar
MD5: 015C91C43FF4424814844EC5E40C11D5
SHA1: AD9D3F5107FA4B7B97C193FCDECEAAF0E8562BD2
Description:
The Maven Project Info Reports Plugin is a plugin that generates standard reports
for the specified project.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-project-info-reports-plugin\2.8\maven-project-info-reports-plugin-2.8.jar
MD5: 0AD51FC1D1F0E68526510AEB57A1B863
SHA1: D41069957B9BC11766AD11B22CADD09F404F5BF4
Description: This plugin is used to release a project with Maven, saving a lot of repetitive, manual work.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-release-plugin\2.5.1\maven-release-plugin-2.5.1.jar
MD5: 50A6E93751041225547B3CDAF139A210
SHA1: 2D97758E16251550F5D6A0D4C23B348B834CCD0F
Description:
The Resources Plugin handles the copying of project resources to the output
directory. There are two different kinds of resources: main resources and test resources. The
difference is that the main resources are the resources associated to the main
source code while the test resources are associated to the test source code.
Thus, this allows the separation of resources for the main source code and its
unit tests.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-resources-plugin\2.7\maven-resources-plugin-2.7.jar
MD5: 1992654402055D45FBCC84E5DC2911E6
SHA1: 94AF11389943A480ECEC7DB01B4DED1B9CDF57C5
Description: Maven Plugin that allows accessing different SCMs.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-scm-plugin\1.9.2\maven-scm-plugin-1.9.2.jar
MD5: 58DAADCB23CF105780CD23D1B9D9CB89
SHA1: D086BAA3B14607AA48387D4889DC20C631D41CB1
Description: The Maven Site Plugin is a plugin that generates a site for the current project.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-site-plugin\3.4\maven-site-plugin-3.4.jar
MD5: 74FC9747A6621866BC1F58CE63FCF78B
SHA1: 659CD5F1DD8BFF554CF52603339494CBF7F283C5
Description: The Maven 2 Source Plugin creates a JAR archive of the source files of the current project.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-source-plugin\2.4\maven-source-plugin-2.4.jar
MD5: 7A09629D4455159172CDC8EC7A88D8A4
SHA1: 46F0D7F7823D729BA300D3F8929900C7E9CB5AC0
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-surefire-plugin\2.18.1\maven-surefire-plugin-2.18.1.jar
MD5: 32C355BE4424C35F6AAB5F6954B06011
SHA1: 402FD3066FD6D85EA4A1A3E7CD82A7E35037E6E8
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-surefire-report-plugin\2.18.1\maven-surefire-report-plugin-2.18.1.jar
MD5: BEB072D2D6C7AA5AB1F1E3A4139D3B27
SHA1: BBDBBBBE56879A7465AB083B64C764F4F41D9903
Description: Builds a Web Application Archive (WAR) file from the project output and its dependencies.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-war-plugin\2.6\maven-war-plugin-2.6.jar
MD5: 7F5F4699147B98B9AB1EE218615B7477
SHA1: E02EEF0EABB0A67A5F4A048212D3C0232976C9E8
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\release\maven-release-api\2.5.1\maven-release-api-2.5.1.jar
MD5: 7A1C8BAF3C9F4BFD82682370BFB61638
SHA1: AB0958E483C113BC757E89835AC2D5C677078DD5
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\release\maven-release-manager\2.5.1\maven-release-manager-2.5.1.jar
MD5: 858EAA5BE92426BF05FE97CABF0E1207
SHA1: CBC891B44CEB2BA78A463087723C8B51F1141D7E
Description: API to manage report generation.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\reporting\maven-reporting-api\3.0\maven-reporting-api-3.0.jar
MD5: 48CD00ABC388C5156879B335E869ADAB
SHA1: B2541DD07D08CD5EFF9BD4554A2AD6A4198E2DFE
Description: Classes to manage report plugin executions with Maven 3.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\reporting\maven-reporting-exec\1.2\maven-reporting-exec-1.2.jar
MD5: 6A2EF57BF3642D82A4363F23F2BC06D5
SHA1: E0D95FC8F5C4ABB846142998C176A06BC71C5AE2
Description: Abstract classes to manage report generation.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\reporting\maven-reporting-impl\2.2\maven-reporting-impl-2.2.jar
MD5: 374A6837C2AE2FC5FF814B2C31B6E6D6
SHA1: 42D1BD175ECA91BCC613B699331125AB3B2292E1
Description: The SCM API provides mechanisms to manage all SCM tools.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-api\1.8\maven-scm-api-1.8.jar
MD5: 1DEDE061CE699FDD80EA96AAFD72EC35
SHA1: ED97C180FB299713862C17C07006CC24137973CC
Description: SCM Plexus component.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-manager-plexus\1.8\maven-scm-manager-plexus-1.8.jar
MD5: F82E2C3B2B32CA1ED61E543FD46F9B57
SHA1: 0C40252207550975E3235816A24EED3C932A4C72
Description: SCM Provider implementation for AccuRev (http://www.accurev.com/).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-accurev\1.9.2\maven-scm-provider-accurev-1.9.2.jar
MD5: 67BC8308A48380F6454D968ADE42737E
SHA1: E0B4387D06131277AD70718408D0141C1974E3C3
Description: SCM Provider implementation for Bazaar (http://bazaar-vcs.org/).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-bazaar\1.8\maven-scm-provider-bazaar-1.8.jar
MD5: DE72550FBE7BF252AEEEEC9193CF82C4
SHA1: F1AC373BBAB601A401C8C7A32C9C79DF40B2AEC0
Description: SCM Provider implementation for Clearcase (http://www-306.ibm.com/software/awdtools/clearcase/).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-clearcase\1.8\maven-scm-provider-clearcase-1.8.jar
MD5: 5B506E7656856E57B04339DFB0A4E2DF
SHA1: AFE2771B02524F218B8CB1A4F46A4B8084D81E46
Description: Common library for SCM CVS Provider.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-cvs-commons\1.9.2\maven-scm-provider-cvs-commons-1.9.2.jar
MD5: C3875E63B604C1C585BF731A8D2B9517
SHA1: 4F65B88F1C1D61C1E94D3F2DEEBBA0EC3F80E12E
Description: Executable implementation for SCM CVS Provider.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-cvsexe\1.8\maven-scm-provider-cvsexe-1.8.jar
MD5: 108CE95885945384D951FE0DD247C60B
SHA1: 38138AB8C05D1A138F799853854B58076D17013F
Description: Java implementation for SCM CVS Provider.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-cvsjava\1.8\maven-scm-provider-cvsjava-1.8.jar
MD5: 8733AC4F7EE027BC3BB24EC053DD82E9
SHA1: CE4F6CADB1716B223BBF14155B87769EC629E04F
Description: Common library for SCM Git Provider.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-git-commons\1.9.2\maven-scm-provider-git-commons-1.9.2.jar
MD5: 5A35C7C9BFABEE178BCB7CF940D516AE
SHA1: DD202A7EF6A0C932C442BECAAF6CC85C6DB008D8
Description: Executable implementation for SCM Git Provider.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-gitexe\1.8\maven-scm-provider-gitexe-1.8.jar
MD5: 65ED02D6D9C322C66B536F7847C2BA73
SHA1: 3FDDB3A0F932FEF6351F7212EBC2AD5F867DC78E
Description: SCM Provider implementation for Mercurial Hg (http://www.selenic.com/mercurial/wiki/).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-hg\1.8\maven-scm-provider-hg-1.8.jar
MD5: D9CDD91F70D7070DC2AC1866336BD20B
SHA1: 50E193AABA8DC8DBF73FCD17B6C991EFCE152EB0
Description: SCM Provider implementation for MKS Integrity : http://mks.com/
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-integrity\1.9.2\maven-scm-provider-integrity-1.9.2.jar
MD5: 3C9B1D75293C8AE3F94D451AF6D972B1
SHA1: 612078DB4AA1F7F3EC13D38C89AE74F65BB24255
Description: A Maven SCM Provider for IBM Jazz SCM (http://jazz.net/).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-jazz\1.8\maven-scm-provider-jazz-1.8.jar
MD5: 96F0E3076FCEC7A6A28767E12F8EB1DA
SHA1: 8FB95ACF3C0211D9C1578403FFA34A3923A9E7E2
Description: SCM Provider implementation for Local.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-local\1.8\maven-scm-provider-local-1.8.jar
MD5: D9A16A10F0AC68DD4A1241A19FC44C86
SHA1: 0207E07689F93004BB4F43B8229D0727B446622A
Description: SCM Provider implementation for Perforce (http://www.perforce.com/).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-perforce\1.8\maven-scm-provider-perforce-1.8.jar
MD5: 7102CBE62E71B819E9222673A541F6F1
SHA1: A5240A5CF6526F5FB3BCB9B5C29A850A193A245D
Description: SCM Provider implementation for Starteam (http://www.borland.com/us/products/starteam/index.html).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-starteam\1.8\maven-scm-provider-starteam-1.8.jar
MD5: 7D7EAB16E6FC880FE300B7E4C68DD062
SHA1: 1563B30B2329578E38CC3F4AC45506C3657D0E1D
Description: Common library for SCM SVN Provider. Includes the svn-settings.xml configuration model.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-svn-commons\1.8\maven-scm-provider-svn-commons-1.8.jar
MD5: 6DDCB74F815AC42166B944919F9A0011
SHA1: 356B8FD88A89D356392F01554C68D2336113D979
Description: Executable library for SCM SVN Provider.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-svnexe\1.8\maven-scm-provider-svnexe-1.8.jar
MD5: F6283E5AA96688A62153B2DE4560AEA1
SHA1: 0758A18CC366CC40ED95E31D1F73F8E75E0577EC
Description: SCM Provider implementation for Synergy (http://www.telelogic.com/corp/products/synergy/index.cfm).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-synergy\1.8\maven-scm-provider-synergy-1.8.jar
MD5: 5B340F5120420682558B4FC8B1C6F22C
SHA1: 8CD64430B32461842946BF6CCFBCCFD86B6AF585
Description: A Maven 2 SCM Provider for Microsoft Visual Studio Team Foundation Server.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-tfs\1.9.2\maven-scm-provider-tfs-1.9.2.jar
MD5: 44C10B964471D9B0EFD73FFCC08E53CD
SHA1: 9AFFB5FA0090BE94CAD0C6A8CF8743869740B1EB
Description: SCM Provider implementation for VSS (http://msdn.microsoft.com/en-us/vstudio/aa700907.aspx).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-vss\1.8\maven-scm-provider-vss-1.8.jar
MD5: 7BB06CFBE84825EB6C7049D946C875FF
SHA1: F3CB3F2D55A463FD65EA8961F67D2791058A0392
Description: Basic API for lightweight logging
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\file-management\1.1\file-management-1.1.jar
MD5: 48C2ABE6B3A5045649714D06ECEB6BBD
SHA1: 1A751B5B40520478458F31DCA58D763C34580755
Description: A collection of ready-made filters to control inclusion/exclusion of artifacts during dependency resolution.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-common-artifact-filters\1.4\maven-common-artifact-filters-1.4.jar
MD5: F349D565D928FF833DD1118EA565810E
SHA1: DE97FF2EFD804F06C3698A914F2D55205742BCC4
Description:
Analyzes the dependencies of a project for undeclared or unused artifacts.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-dependency-analyzer\1.5\maven-dependency-analyzer-1.5.jar
MD5: B24E53FD2C1F4D2E7391010AB3F200E5
SHA1: DFC3552493B894B57499F731A281E42C7356BC9B
Description: A tree-based API for resolution of Maven project dependencies
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-dependency-tree\2.2\maven-dependency-tree-2.2.jar
MD5: C9B2C60A0FD118C04595DB246F3075A2
SHA1: 5D9CE6ADD7B714B8095F0E3E396C5E9F8C5DCFEF
Description: A collection of tools to help the integration of Doxia in Maven plugins.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-doxia-tools\1.2.1\maven-doxia-tools-1.2.1.jar
MD5: CC155EF6A28AF35660D03F5A75AC16FC
SHA1: C128C05D70E617F710A46DF709C4BB3A85233444
Description: A component to assist in filtering of resource files with properties from a Maven project.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-filtering\1.3\maven-filtering-1.3.jar
MD5: 70945F82A560019AA51DE31AB1210DEB
SHA1: 3E4F4C305D40C598763ED842F52FAEB4DFB63C6C
Description: A component to programmatically invoke Maven.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-invoker\2.1.1\maven-invoker-2.1.1.jar
MD5: A828C635D3EA613E5B116A5F5FE70756
SHA1: 78CB230A29F501CF0631070E78F436902E3305DD
Description: A shared component to assist in interpolating file names using properties from a Maven project.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-mapping\1.0\maven-mapping-1.0.jar
MD5: 5B376B298DEA015E594DE0C3000ED4C7
SHA1: 73181B19212DD4328FB2858CD08F01EE0D485C0E
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-repository-builder\1.0\maven-repository-builder-1.0.jar
MD5: B977B4412B5476B6F104B11E65CFDC2C
SHA1: 2E68CDA42D3A849BF7DE013F58DFF8D2913E8174
Description:
Various utility classes and plexus components for supporting
incremental build functionality in maven plugins.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-shared-incremental\1.1\maven-shared-incremental-1.1.jar
MD5: 8A48E08AA027A7AC33FCC85054512021
SHA1: 9D017A7584086755445C0A260DD9A1E9EAE161A5
Description: API for I/O support like logging, download or file scanning.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-shared-io\1.1\maven-shared-io-1.1.jar
MD5: FE668F50B2C0EDC8707609F792CA4036
SHA1: 02E1D57BE05ECAC7DBE56A3C73B113E98F22240F
Description:
Utilities that help identify the contents of a JAR, including Java class analysis and Maven metadata analysis.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-shared-jar\1.1\maven-shared-jar-1.1.jar
MD5: 67DD345E21509E2F32A90448D85B791E
SHA1: BA7D4068AAD3153E2BE5AC9D445057CC1F9E4069
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-shared-utils\0.7\maven-shared-utils-0.7.jar
MD5: 96BA4884A1C007E9C88CBC300FDADA45
SHA1: 0704E679088765E7DF5E1EF3EEF400C4A061C9EF
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\surefire\maven-surefire-common\2.18.1\maven-surefire-common-2.18.1.jar
MD5: 4D733B6DCF2E35A76B887C28B011B507
SHA1: 9FFF3EE116243C395AA42C9139499D6FE4AE7994
Description: A collection of ready-made filters to control inclusion/exclusion of artifacts during dependency resolution.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\surefire\maven-surefire-common\2.18.1\maven-surefire-common-2.18.1.jar\META-INF/maven/org.apache.maven.shared/maven-common-artifact-filters/pom.xml
MD5: 7995D42A1B25069605608ED5958DB95B
SHA1: E28CE2F08D032AE25C83B9BDE56DF51E3420D6FF
Description: Shared utils without any further dependencies
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\surefire\maven-surefire-common\2.18.1\maven-surefire-common-2.18.1.jar\META-INF/maven/org.apache.maven.shared/maven-shared-utils/pom.xml
MD5: CA630CF6049557AB8D02FE8B514CE11C
SHA1: 86C6539DEBC641D1E5B6835363E19D373CF5403C
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\surefire\surefire-api\2.18.1\surefire-api-2.18.1.jar
MD5: 4513295E824B16CF6FDB7C99ABFD3CD1
SHA1: 7838E4F65460DDDE64BF818BEBFADE0B1C630DE6
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\surefire\surefire-booter\2.18.1\surefire-booter-2.18.1.jar
MD5: 9629E1D43834645E4639FA6AD1DCD020
SHA1: 0EB85FE5A28CB9FD6BF9381DC95A45F7ACAB6B9C
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\surefire\surefire-report-parser\2.18.1\surefire-report-parser-2.18.1.jar
MD5: E6224CC26DB98531B78751340AF76EC4
SHA1: 40E05585E401E1905769E2E575B50C021B170849
Description:
Wagon provider that gets and puts artifacts using file system protocol
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\wagon\wagon-file\2.7\wagon-file-2.7.jar
MD5: 03CEDD9762DFD09B7BA73A46B34AFF6C
SHA1: CB6ACC07E78040882F3098B614F9C9F84475F770
Description:
Wagon provider that gets and puts artifacts through http using standard Java library
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\wagon\wagon-http-lightweight\2.7\wagon-http-lightweight-2.7.jar
MD5: 267E72A756B70A01D88BB765719CBE70
SHA1: 5041B265F51B977E5E91F49F8DA97A6093B3853C
Description:
Shared Library for wagon providers supporting HTTP.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\wagon\wagon-http-shared\2.7\wagon-http-shared-2.7.jar
MD5: 695F9A310CB52F4BE563CA1B590CDF84
SHA1: 01BC428F7A784DFB21F1F17B6A439A0D7D972E38
Description:
Wagon that gets and puts artifacts through http using Apache commons-httpclient
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\wagon\wagon-http\1.0-beta-6\wagon-http-1.0-beta-6.jar
MD5: CACDB02E0D797E60306DBFE298814F9F
SHA1: 8C665CBB0AB67C355FBD2C942AD26E39753B6F2E
Description: Maven Wagon API that defines the contract between different Wagon implementations
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\wagon\wagon-provider-api\1.0-beta-6\wagon-provider-api-1.0-beta-6.jar
MD5: 63826E38E44F08E7935C1D173667ED8C
SHA1: 3F952E0282AE77AE59851D96BB18015E520B6208
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\wagon\wagon-ssh-common\2.7\wagon-ssh-common-2.7.jar
MD5: 91F72ED89CCF9D532E03EB37BD3BCDE8
SHA1: 34A2434480011491513F15B8BB5FACC1AAFACB84
Description:
Wagon that gets and puts artifacts using SSH protocol with a preinstalled SSH client
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\wagon\wagon-ssh-external\1.0-beta-6\wagon-ssh-external-1.0-beta-6.jar
MD5: 729534F8ECEF194BAB3B5BD23AFDB123
SHA1: 76918505C5FA6E309CD393ACA8ACD1B236559288
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\wagon\wagon-ssh\2.7\wagon-ssh-2.7.jar
MD5: 695A1AA241CA4C56893F04FB3F96028C
SHA1: F1CBEE4854B4C3BD72FEF2DDB573F3E4E6EDF152
Description:
Wagon that gets and puts artifacts through webdav protocol
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\wagon\wagon-webdav-jackrabbit\1.0-beta-6\wagon-webdav-jackrabbit-1.0-beta-6.jar
MD5: 54E5811336DAB214BD598B4AC92CDF99
SHA1: B694B223D0F19ABCB32E304EBD5054061EE0F7B5
File Path: C:\Users\Jeremy\.m2\repository\org\apache\struts\struts-core\1.3.8\struts-core-1.3.8.jar
MD5: 868DE456B4D4331D6DCC4E8D3BEE884E
SHA1: 66178D4A9279EBB1CD1EB79C10DC204B4199F061
Severity:
High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
Vulnerable Software & Versions: (show all)
File Path: C:\Users\Jeremy\.m2\repository\org\apache\struts\struts-tiles\1.3.8\struts-tiles-1.3.8.jar
MD5: F41992AB2729B1CB9C6B4721465AA4E4
SHA1: 6D212F8EA5D908BC9906E669428B7694DFF60785
Severity:
High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
Vulnerable Software & Versions: (show all)
Description: Core Tomcat implementation
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\embed\tomcat-embed-core\7.0.47\tomcat-embed-core-7.0.47.jar
MD5: 38F021E74EC1B7E1220E029983645A39
SHA1: 90A3592062ED93565AB0CFA6905F4D03E5A29DFB
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-189 Numeric Errors
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation
** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.1
CWE: CWE-264 Permissions, Privileges, and Access Controls
** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
Vulnerable Software & Versions:
Description: log4j logging implementation for embedded Tomcat
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\embed\tomcat-embed-logging-log4j\7.0.47\tomcat-embed-logging-log4j-7.0.47.jar
MD5: 06BF2270016BBDB81A17A38EA02F44A0
SHA1: 62CDF85DD72A34F4269188AB8CD7F873AA65273A
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\maven\common-tomcat-maven-plugin\2.2\common-tomcat-maven-plugin-2.2.jar
MD5: 9E11F13EA30BB52D4273F3D299932A84
SHA1: 3ABE5D3F487698DE1039B1A8999A1A2569C017EA
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-189 Numeric Errors
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-352
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.8
CWE: CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation
** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-16 Configuration
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-16 Configuration
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.6
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
Vulnerable Software & Versions:
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\maven\tomcat7-war-runner\2.2\tomcat7-war-runner-2.2.jar
MD5: 75CF811178A5D6C52F515C07B5DEEDA6
SHA1: C183B7947E496E6A283001020AEFB4BA9D86FE6E
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-189 Numeric Errors
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-352
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.8
CWE: CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation
** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-16 Configuration
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-16 Configuration
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.6
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
Vulnerable Software & Versions:
Description: Expression language package
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat-el-api\7.0.47\tomcat-el-api-7.0.47.jar
MD5: 3494DF7DB6850E6FBA2DD1BB34BDA56E
SHA1: E4ED09B8BAEC591475F570D4F84FF29733A61F97
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-189 Numeric Errors
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation
** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.1
CWE: CWE-264 Permissions, Privileges, and Access Controls
** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
Vulnerable Software & Versions:
Description:
VelocityTools is an integrated collection of Velocity subprojects
with the common goal of creating tools and infrastructure to speed and ease
development of both web and non-web applications using the Velocity template
engine.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\apache\velocity\velocity-tools\2.0\velocity-tools-2.0.jar
Description: Apache Velocity is a general purpose template engine.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\velocity\velocity\1.5\velocity-1.5.jar
MD5: 8D46D30A37E1CF2047CDFA73C552E8A9
SHA1: 09F306BAF7523FFC0E81A6353D08A584D254133B
Description: BeanShell
File Path: C:\Users\Jeremy\.m2\repository\org\beanshell\bsh\2.0b4\bsh-2.0b4.jar
MD5: A1C60AA83C9C9A6CB2391C1C1B85EB00
SHA1: A05F0A0FEEFA8D8467AC80E16E7DE071489F0D9C
Description:
Feature discovery API.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\gmaven\feature\gmaven-feature-api\1.4\gmaven-feature-api-1.4.jar
MD5: 8C4389691DF05C2B2841E15AE1F79C95
SHA1: B4107140E049D0CD67B7C333D1A5EEA1653BC0BC
Description:
Provides support for feature discovery.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\gmaven\feature\gmaven-feature-support\1.4\gmaven-feature-support-1.4.jar
MD5: 2ECF8F0D9961F0CFD0DC88A84E9714DD
SHA1: C910ADD82C1FBD4D25A101538239CE8364F79063
Description:
Provides support for implementing Maven 2 plugins in Groovy.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\gmaven\gmaven-mojo\1.4\gmaven-mojo-1.4.jar
MD5: AA8748DA9A663D848EBF1ECFF900824F
SHA1: CB509864DE4B3ECD8B1D67261DF1E3ADAD54D945
Description:
Provides support for execution, compilation and other facets of Groovy development.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\gmaven\gmaven-plugin\1.4\gmaven-plugin-1.4.jar
MD5: C981AB217D106D111CE920152280C873
SHA1: 036286056D27951657DBF58C4124B9E43B76FA44
Description:
Support for Groovy 1.5.x.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\gmaven\runtime\gmaven-runtime-1.5\1.4\gmaven-runtime-1.5-1.4.jar
MD5: 527ACF647A10B6738E53EFAC4D8C5F88
SHA1: 6D4CD6D1FA1D4CDF22D8DA43347626CB7DA8CA86
Description:
Groovy runtime API.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\gmaven\runtime\gmaven-runtime-api\1.4\gmaven-runtime-api-1.4.jar
MD5: B20A81CBD244CF4874BF2412A701E173
SHA1: 605BCE312BD16596B7C8172BFFC1A68E3FE64DA1
Description:
Groovy runtime loader.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\gmaven\runtime\gmaven-runtime-loader\1.4\gmaven-runtime-loader-1.4.jar
MD5: ABA5C8E1B33B575648EC81159366FA4B
SHA1: 8382DBAC609A1F0F690C741844819CB4B02FB676
Description:
Support for Groovy Runtime implementations.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\gmaven\runtime\gmaven-runtime-support\1.4\gmaven-runtime-support-1.4.jar
MD5: C46480D05FA44399CDAEFA2819BB411B
SHA1: BBD553FA9DACC71D072813480DA85570C75E4CB7
Description:
Groovy: A powerful, dynamic language for the JVM
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\groovy\groovy-all-minimal\1.5.8\groovy-all-minimal-1.5.8.jar
MD5: F9D1409298F02E76148ACF2C2ACF9B5D
SHA1: CF8D95C0D9D4FD08B814C0EB5E32E0216CD07E0D
Description:
Commons CLI provides a simple API for presenting, processing and validating a command line interface.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\groovy\groovy-all\1.7.4\groovy-all-1.7.4.jar
MD5: 9548C603235A4B8AA2E50A0DAB241261
SHA1: 54EBF39B7B76F736253FC14159C868BCECEF1D39
Description:
Animal Sniffer Maven Plugin.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\animal-sniffer-maven-plugin\1.13\animal-sniffer-maven-plugin-1.13.jar
MD5: 872B8306826A789DC080D8BE1932F860
SHA1: 9F745754A3A64134E9D3817997E70DF969E3E416
Description:
Animal Sniffer.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\animal-sniffer\1.13\animal-sniffer-1.13.jar
MD5: 362B767AC3643718A972F84021F96E31
SHA1: 782B2119FA23DF9127666A2583E6EA7D638D3D9B
Description: This plugin contains various small independent goals to assist with Maven build lifecycle
License:
The MIT License: http://www.opensource.org/licenses/mit-license.phpFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\build-helper-maven-plugin\1.9.1\build-helper-maven-plugin-1.9.1.jar
Description:
This plugin is designed to give you a build number. So when you might make 100 builds of version
1.0-SNAPSHOT, you can differentiate between them all.
License:
The MIT License: LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\buildnumber-maven-plugin\1.3\buildnumber-maven-plugin-1.3.jar
Description: This Plug-In generates reports based on the FindBugs Library
License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\findbugs-maven-plugin\3.0.0\findbugs-maven-plugin-3.0.0.jar
Description:
Queries a java home in order to find its boot class path.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\java-boot-classpath-detector\1.13\java-boot-classpath-detector-1.13.jar
MD5: D716CCD819D9A184EA4666FB8625C4C3
SHA1: 82E48332B3571AA8134235D50FABA9F4999631D5
Description: Maven plugin that generates JDepend reports for your projects.
License:
Apache License 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\jdepend-maven-plugin\2.0\jdepend-maven-plugin-2.0.jar
Description: Analyze and report metrics on source code
License:
MIT License: http://www.opensource.org/licenses/mit-license.phpFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\sonar-maven-plugin\2.5\sonar-maven-plugin-2.5.jar
Description: Produce a tag list report.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\taglist-maven-plugin\2.4\taglist-maven-plugin-2.4.jar
Description:
Tidy Plugin for Maven. The Tidy plugin provides goals for tidying up
your source code.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\tidy-maven-plugin\1.0-alpha-2\tidy-maven-plugin-1.0-alpha-2.jar
Description:
Versions Plugin for Maven 2. The Versions Plugin updates the versions of components in the POM.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\versions-maven-plugin\2.1\versions-maven-plugin-2.1.jar
Description:
Maven plugin that can be used to access various operations on a given URL using a supported maven wagon. Supports
recursive upload, download, and list directory content functionality.
License:
Apache License 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\wagon-maven-plugin\1.0\wagon-maven-plugin-1.0.jar
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-archiver\2.9.1\plexus-archiver-2.9.1.jar
MD5: 0FD1399EA9740596C25A626DD22B049B
SHA1: 091D480758076ED0A219DEABBFDB3A33358B2F2B
Description: A class loader framework
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-classworlds\2.2.2\plexus-classworlds-2.2.2.jar
MD5: A7D552779645C1F7368FDAEF3401C9CC
SHA1: 3A2BAD2B58C1CA765D3F471CEA8C1655D70FDFD9
Description: Plexus Compilers component's API to manipulate compilers.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-compiler-api\2.4\plexus-compiler-api-2.4.jar
MD5: 6B2A059092CBA0EADC669DB9896739A4
SHA1: 7A6C9AFFE8C8C07846492416A9061A452DFF02E9
Description: Javac Compiler support for Plexus Compiler component.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-compiler-javac\2.4\plexus-compiler-javac-2.4.jar
MD5: 24B9012DA605CB316AD238725C82737F
SHA1: B3984FB5AF1D4FD8928A13522CE9458D3976DED8
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-compiler-manager\2.4\plexus-compiler-manager-2.4.jar
MD5: 48AB1166FC8C7F96E9CCB5811855C2FB
SHA1: 4E83394EE95FD212C67502C52DB3951BFC9F7D3E
Description:
Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with
standard annotations instead of javadoc annotations.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-component-annotations\1.5.5\plexus-component-annotations-1.5.5.jar
MD5: EF37DCDB84030422DB428B63C4354E5B
SHA1: C72F2660D0CBED24246DDB55D7FDC4F7374D2078
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-container-default\1.0-alpha-9\plexus-container-default-1.0-alpha-9.jar
MD5: AB910F683A0B11C9CA7E0A95DD47F6A5
SHA1: 50596183CD7B688D9D7B6D868A0193CA1A8A7B3D
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-digest\1.0\plexus-digest-1.0.jar
MD5: D068135769A92C23DACCBC722BA4658E
SHA1: 5F6A5A5140CD39E8C987CF6C31429D917B31166E
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-i18n\1.0-beta-7\plexus-i18n-1.0-beta-7.jar
MD5: 65D4F673BD0C49DBC67E020E96B00753
SHA1: 3690F10A668B3C7AC2EF563F14CFB6B2BA30EE57
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-interactivity-api\1.0-alpha-4\plexus-interactivity-api-1.0-alpha-4.jar
MD5: C8CE4CFD3B7B6419C00DCB780A6EB603
SHA1: 0A8F1178664A5457EEF3F4531EB62F9505E1295F
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-interpolation\1.22\plexus-interpolation-1.22.jar
MD5: B129E421E0E7DFF2DF1B9769CA2968D5
SHA1: 1A3C07196AD64B0C5378EE1A2092FD72952E20BD
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-io\2.4.1\plexus-io-2.4.1.jar
MD5: 0A4E9CCFECE04D313CB69DEDD172216E
SHA1: 62996B2EF6BBA440CA126CD6B59212F97E64C4CA
Description: A component to transparently retrieve resources from the filesystem, classpath or internet.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-resources\1.0-alpha-7\plexus-resources-1.0-alpha-7.jar
MD5: 2FDB117F61BA5E67AF7475B57805E76C
SHA1: 5A847914BA6045EB265D0DBB4329413471858DED
Description: A collection of various utility classes to ease working with strings, files, command lines, XML and more.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-utils\3.0.1\plexus-utils-3.0.1.jar
MD5: CF747DC19D955A291A512DA1052957B5
SHA1: 06658663C32332061C039D7A88B3700B9A6661EE
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-velocity\1.1.8\plexus-velocity-1.1.8.jar
MD5: 39C87159CBB8CFAB726A0F4E94406421
SHA1: D6B34818C82CD2E2F7BC75A2852D31283D154291
License:
http://www.gnu.org/licenses/lgpl.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\sonar\runner\sonar-runner-api\2.4\sonar-runner-api-2.4.jar
Description: Library for making HTTP requests
License:
MIT License: http://www.opensource.org/licenses/mit-license.phpFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\sonar\runner\sonar-runner-api\2.4\sonar-runner-api-2.4.jar\META-INF/maven/com.github.kevinsawicki/http-request/pom.xml
Description:
Commons-IO contains utility classes, stream implementations, file filters, file comparators and endian classes.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\sonar\runner\sonar-runner-api\2.4\sonar-runner-api-2.4.jar\META-INF/maven/commons-io/commons-io/pom.xml
MD5: DDA7E7373FA85EE2798FD76A4ACEDD4E
SHA1: 0E85782DE6E708D9B62C7C2FE46634933B431137
Description: Access the user home directory that contains cache of files
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\sonar\runner\sonar-runner-api\2.4\sonar-runner-api-2.4.jar\META-INF/maven/org.codehaus.sonar/sonar-home/pom.xml
MD5: C690AE11427F8EE504E560C5A59DA996
SHA1: 1F549DAD9D0981B17E438D456AA06B61CD2D5226
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\sonar\runner\sonar-runner-api\2.4\sonar-runner-api-2.4.jar\sonar-runner-batch.jar
MD5: A83EC851C8F9DEBF546B5A5E9C37B20F
SHA1: 24C4511D34774B124AA9A1E75F0F0F040B2DCB98
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\sonar\runner\sonar-runner-api\2.4\sonar-runner-api-2.4.jar\sonar-runner-impl.jar
MD5: 4BD52887CE2B173C8B5C45CDAAF4A05D
SHA1: A1E69B8CF8E9A2F479EE766E06E0B8B4865C13B3
Description: Woodstox is a high-performance XML processor that implements Stax (JSR-173) API
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\woodstox\wstx-asl\3.2.7\wstx-asl-3.2.7.jar
MD5: 5CA667E626A1B2F3E5522CB431370CC6
SHA1: 252C7FAAE9CE98CB9C9D29F02DB88F7373E7F407
Description:
A collection of utility classes to ease usage of the repository system.
License:
http://www.eclipse.org/legal/epl-v10.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\eclipse\aether\aether-util\0.9.0.M2\aether-util-0.9.0.M2.jar
Description: Eclipse JDT Core Batch Compiler
License:
Eclipse Public License v1.0: http://www.eclipse.org/org/documents/epl-v10.phpFile Path: C:\Users\Jeremy\.m2\repository\org\eclipse\jdt\core\compiler\ecj\4.2.2\ecj-4.2.2.jar
Description:
Repository access and algorithms
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\jgit\org.eclipse.jgit\3.4.1.201406201815-r\org.eclipse.jgit-3.4.1.201406201815-r.jar
MD5: 3C5F5772D95CA0F2536D976CE4EB762F
SHA1: 7FE73A21F4A078ABAAFACE4D2B03B5EB3D306F63
Severity:
High
CVSS Score: 7.5
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.
Vulnerable Software & Versions: (show all)
License:
http://www.eclipse.org/legal/epl-v10.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\eclipse\sisu\org.eclipse.sisu.inject\0.0.0.M2a\org.eclipse.sisu.inject-0.0.0.M2a.jar
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\sisu\org.eclipse.sisu.plexus\0.0.0.M2a\org.eclipse.sisu.plexus-0.0.0.M2a.jar
MD5: AD12584CE30EDEACAB4A6C32F4AFD9B9
SHA1: 07510DC8DFE27A0B57C17601BC760B7B0C8F95FA
Description: This is org.eclipse.jdt.core jar used by Tycho
License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\eclipse\tycho\org.eclipse.jdt.core\3.8.1.v20120125-1544\org.eclipse.jdt.core-3.8.1.v20120125-1544.jar
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\tycho\org.eclipse.jdt.core\3.8.1.v20120125-1544\org.eclipse.jdt.core-3.8.1.v20120125-1544.jar\jdtCompilerAdapter.jar
MD5: 0D8DD7C7F5871B997AB2DD1069589245
SHA1: DD99177698535A270E24C3366AFF3EFD46BB93D6
Description: Maven plugin for submitting Java code coverage reports to Coveralls web service.
License:
The MIT License (MIT): http://opensource.org/licenses/MITFile Path: C:\Users\Jeremy\.m2\repository\org\eluder\coveralls\coveralls-maven-plugin\3.0.1\coveralls-maven-plugin-3.0.1.jar
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-api\2.3.1-b411\webservices-api-2.3.1-b411.jar
MD5: 114B3327AD412414A333CBBB616A51F9
SHA1: F7ED9152EBE9C5E5A0A5031AB4ABB229543195B0
Description: JAXB (JSR 222) API
License:
CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-api\2.3.1-b411\webservices-api-2.3.1-b411.jar\META-INF/maven/javax.xml.bind/jaxb-api/pom.xml
Description: SAAJ API
License:
CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-api\2.3.1-b411\webservices-api-2.3.1-b411.jar\META-INF/maven/javax.xml.soap/javax.xml.soap-api/pom.xml
Description: JAX-WS (JSR 224) API
License:
Dual license consisting of the CDDL v1.1 and GPL v2
: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-api\2.3.1-b411\webservices-api-2.3.1-b411.jar\META-INF/maven/javax.xml.ws/jaxws-api/pom.xml
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar
MD5: 5DAD60826516821AEDC549C03C5702DB
SHA1: FC604BA14AE0C6AABC50C454D81065DF83290755
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.istack/istack-commons-runtime/pom.xml
MD5: CE35F206165AE70F66D16ADEF60AEAB3
SHA1: 647BE046BE1E9FBE2979A158BF39F8AEC8775E0E
Description: Old JAXB Core module. Contains sources required by XJC, JXC and Runtime modules with dependencies.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.bind/jaxb-core/pom.xml
MD5: 2B198BA54A7DABAC4BC41C9CE4D9B952
SHA1: 9F8D2853AC3355036700468C60A73ABABC2C083A
Description: Old JAXB Runtime module. Contains sources required for runtime processing.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.bind/jaxb-impl/pom.xml
MD5: 2DB62EB02F60B8A4EBA451AC20BDC54E
SHA1: 05430DD72AF2DDDA07592E6218D0A17289928E4C
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.fastinfoset/FastInfoset/pom.xml
MD5: 6676B99D64695E696D16862A061E2D7E
SHA1: BC1AC953ADDB710EC08DCCA6465BB1F6FCFD7EE9
Description:
Open source Reference Implementation of JSR-67: SOAP with Attachments API for Java (SAAJ MR :1.3)
License:
Dual license consisting of the CDDL v1.1 and GPL v2
: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.messaging.saaj/saaj-impl/pom.xmlDescription: Stream based representation for XML infoset
License:
Dual license consisting of the CDDL v1.1 and GPL v2
: https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.stream.buffer/streambuffer/pom.xmlDescription: HTTP SPI for JAX-WS RI
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.ws/httpspi-servlet/pom.xml
MD5: AD3B0CBCE1119A00645E449EB25C63DA
SHA1: 483BE1A8499CBAE1FBFB1ADBBBB14A428E539902
Description: WS-Policy implementation for Project Metro
License:
Dual License: CDDL 1.0 and GPL V2 with Classpath Exception: http://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.ws/policy/pom.xml
Description: Fast Infoset Support for JAX-WS RI
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.ws/rt-fi/pom.xml
MD5: 143536BDCD7C60DE567041E2CB11607D
SHA1: DFEEA959FF27831137D9D7AACC3618997698C43A
Description: High Availability Support for JAX-WS RI
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.ws/rt-ha/pom.xml
MD5: 8EFE5EB736FA8C20543D487E0EBA6C9A
SHA1: D65066035B4B3E717CBFE3CAD24E9CEA024150FE
Description: JAX-WS Reference Implementation Runtime
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.ws/rt/pom.xml
MD5: 5009A170767A4589F1E3C7388E85670F
SHA1: 08D6FF5FE5BDD3054CD85789D9F95D7B96C160B7
Description: Servlet Support for JAX-WS RI
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.ws/servlet/pom.xml
MD5: 5D0FEEADDE65AC448367EB7ECE8DE1C8
SHA1: ACC980DADFE3D4EEC4621CA1399C60CCFA64D99C
Description: GlassFish Common APIs
License:
CDDL+GPL: https://glassfish.dev.java.net/public/CDDL+GPL.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.external/management-api/pom.xml
Severity:
Low
CVSS Score: 2.6
CWE: CWE-310 Cryptographic Issues
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
Vulnerable Software & Versions: (show all)
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.ha/ha-api/pom.xml
MD5: 32795041A0091C606F8847D9F72497D2
SHA1: 81975880BA7B8EE1931900B0622069E6A06AAFAD
Severity:
Low
CVSS Score: 2.6
CWE: CWE-310 Cryptographic Issues
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
Vulnerable Software & Versions: (show all)
Description: JAXB Core module. Contains sources required by XJC, JXC and Runtime modules.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.jaxb/jaxb-core/pom.xml
MD5: EC6710C0A3546D953540990138DC48F7
SHA1: C686F3D8CF2778CBD16790F45E8E52C7AB7A97A0
Description: JAXB (JSR 222) Reference Implementation
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.jaxb/jaxb-runtime/pom.xml
MD5: 24532D5EC1762C1687888967E3A6D6EA
SHA1: AB1369DA7A59397B8FD95BB3DF089A1CED2BE23F
Description:
TXW is a library that allows you to write XML documents.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.jaxb/txw2/pom.xml
MD5: 3B5D78FF4CFAE627CF8A2AEC500FBF2C
SHA1: 2D5D488186FD3E9C81F9E83255B9A8DB3A2B4D12
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/metro-cm-api/pom.xml
MD5: 956319E6A7BB4F2DFD99B62BDEDDB987
SHA1: 2A808E88D02F573CBD250498D447D260B31DC6BC
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/metro-cm-impl/pom.xml
MD5: 6D8A3C895977B32168EC44640D2A566A
SHA1: C9364B9C16300928C5CE552AF88446D929E9D78A
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/metro-commons/pom.xml
MD5: B753885744BFC438EE3E623AC0701579
SHA1: C924A61EC458CEEEF3CF5FAF153821AA23702F49
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/metro-config-api/pom.xml
MD5: 19778177F1A6411BF5D2774BA3CF6AEB
SHA1: 3B0BBA5C440A50561FB78789617329C8F0765221
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/metro-config-impl/pom.xml
MD5: 40D7849B78121C9AE768D6DB61F0EFF2
SHA1: 9E9AE4F1A748369D9C10D3B5981E9F629E1DDC9E
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/metro-runtime-api/pom.xml
MD5: 452CF07F83FFA41BCC8A13A9E43983BB
SHA1: B310A64D5EDDBB65F3B107D68C3552C55D2CA340
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/metro-runtime-impl/pom.xml
MD5: B20AF5C6090823FA58D2ABAEB2C87065
SHA1: D32BD813010C4A3A5CD9C519823071589875F79E
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/soaptcp-api/pom.xml
MD5: 7EFF27173A34D50CF17D1D4E57F286FC
SHA1: BDA8557273BFD656E503E888B81F99EFAD9A0393
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/soaptcp-impl/pom.xml
MD5: 5CA70D15E20B94B777BAC3107C7D182F
SHA1: 99E5308F0A53A30B43C3EA3D9126A665BD227237
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/ws-mex/pom.xml
MD5: CFD940600D2A0A92F5EB6C5C34651DA8
SHA1: A277F7AE6817402C6A4BAA7A70FBFE73DBD95E81
Description:
This module contains the Metro WSIT API
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wsit-api/pom.xml
MD5: A4BE22A6B1F32FCCA47CC729AE8ED6B9
SHA1: 69770A904D052F4689AAD3F5C92954ECC4B546B4
Description:
This module contains the Metro WSIT runtime code.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wsit-impl/pom.xml
MD5: 79E47BAD3EB20E7B0821C1EDF505F6AD
SHA1: 72F9B97C266DC3E1014C51E59DF4406C1269713F
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wsmc-api/pom.xml
MD5: DD62CA5000EF97878F0923DCBF1DAE3D
SHA1: 18F467A8EF1A51DD49A629003468784A690D57A1
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wsmc-impl/pom.xml
MD5: 45AA405C9CEAED46DC600C74B8715D13
SHA1: F72F2F85E12034D61F8B05B804150955FF8B7EA8
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wsrm-api/pom.xml
MD5: 01E329716E5C0B90944BFD3CBCD22FAC
SHA1: 53ADA7A7D0657B49FFC2000447478400914325B6
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wsrm-impl/pom.xml
MD5: F3DE43DFE0B031B58EFE6A78AF6F47F1
SHA1: A18DDBF951F21C94596D596094CEAEB7634E897A
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wsrx-commons/pom.xml
MD5: 03DB693337AF36D35EF1C503B96997FC
SHA1: A48EA39B9AD8EDECF84BE3018789D8E1C072670D
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wsrx-testing/pom.xml
MD5: EFCCC3327F0DE1105BE8BCA484F27C8D
SHA1: 5253207AA1DB41E17B64579438484DC53D74A084
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wssx-api/pom.xml
MD5: 3F7578638CA08F2C47A2603C7D16CA16
SHA1: D11FADA568D63345819DF6ABBCDE6637071B736A
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wssx-impl/pom.xml
MD5: E703DCDBC0DEAD2F95CD5BE04703A0DA
SHA1: 4B36B78389D1DCEFFC6DABA1BA06C6E49568C798
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wstx-api/pom.xml
MD5: F428B7CF92221CF8E69AF1CBE7105D53
SHA1: 065ADD068F1954355C6FB283A7B5409724D8BDF3
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wstx-core/pom.xml
MD5: 449AE4D7BAD31BB1460A8DFE9A912807
SHA1: E904ED82064122D9F377BF38BDAD4C7EF5C4449A
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wstx-impl/pom.xml
MD5: 85860B4382D2C4083860C78FB477F35A
SHA1: 31C363B317DB2C87D743CE12F77A16C87C4F3CFC
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/xmlfilter/pom.xml
MD5: CB4DB246C35D2B454AEA5B5DEFAF029B
SHA1: C0465CE2A7B418553E45D94BA63CE2293B8A3B70
Description:
Provides a streaming API to access attachments parts in a MIME message.
License:
CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.jvnet.mimepull/mimepull/pom.xml
Description: Extensions to JSR-173 StAX API.
License:
Dual license consisting of the CDDL v1.1 and GPL v2
: https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.jvnet.staxex/stax-ex/pom.xml
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar
MD5: 880086D7E3F451E010FA97055A1C963F
SHA1: CA5C51B576978544FFE54DA64F9E5835752FB6B8
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/com.sun.istack/istack-commons-tools/pom.xml
MD5: 0E312642FFC4FC2735BF2F007150B34E
SHA1: A76F27567D4E8B68540F4E7F4DA8479147FBC5FB
Description:
RNGOM is a RelaxNG Object model library (XSOM for RelaxNG). Sources from http://rngom.java.net, version 20050510.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/com.sun.xml.bind.external/rngom/pom.xml
MD5: 566755E5079C3E6CE965F3C11BA0B303
SHA1: FB3C6E01C6BDC87D93629E80643ADA3D55E02579
Description:
Old JAXB schema generator.The *tool* to generate XML schema based on java classes.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/com.sun.xml.bind/jaxb-jxc/pom.xml
MD5: 0B94EFC25B6F39249C8C96719BC7DEB4
SHA1: 0AE197896E2A6E92CC84353E1A4F5BE32F348C80
Description:
Old JAXB Binding Compiler. Contains source code needed for binding customization files into java sources.
In other words: the *tool* to generate java classes for the given xml representation.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/com.sun.xml.bind/jaxb-xjc/pom.xml
MD5: 3FD6B181527DDE5CE09CCEA6AA9CF4B2
SHA1: 05ADC723B7A4DAB1BDDAFC1BF753B2F213F26A63
Description: SAX-like API for parsing XML DTDs.
License:
Berkeley Software Distribution (BSD) License: http://www.opensource.org/licenses/bsd-license.phpFile Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/com.sun.xml.dtd-parser/dtd-parser/pom.xml
Description: JAX-WS RI Tools
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/com.sun.xml.ws/wscompile/pom.xml
MD5: 6480C53A0F3C563A8C41F0344D5087AD
SHA1: A775514A8028E3750E1E1831D5D62F5B933FB679
Description: XML Schema Object Model (XSOM) is a Java library that allows applications to easily parse XML Schema documents and inspect information in them. It is expected to be useful for applications that need to take XML Schema as an input.
License:
CDDL v1.1 / GPL v2 dual license: http://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/com.sun.xsom/xsom/pom.xml
Description: The core functionality of the CodeModel java source code generation library
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/org.glassfish.jaxb/codemodel/pom.xml
MD5: 6B6FEA7B39B5E24095047BF60ECFA67E
SHA1: FF50720390C6495F21AC9CE36DA11DAD17E685C2
Description:
JAXB schema generator.The *tool* to generate XML schema based on java classes.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/org.glassfish.jaxb/jaxb-jxc/pom.xml
MD5: 0C4DEF0E092F93876ECE5B49F055AF3A
SHA1: 843B8383E690F1ED6241292145FA1A36117EE865
Description:
JAXB Binding Compiler. Contains source code needed for binding customization files into java sources.
In other words: the *tool* to generate java classes for the given xml representation.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/org.glassfish.jaxb/jaxb-xjc/pom.xml
MD5: AA5A96ECBB5D328967E4087E0D2CA730
SHA1: DB71FE800B013B667419EBE7DFC2AF8B398C3E59
File Path: C:\Users\Jeremy\.m2\repository\org\hibernate\hibernate-validator-annotation-processor\5.2.0.Alpha1\hibernate-validator-annotation-processor-5.2.0.Alpha1.jar
MD5: B6E3A5210E1A9FBEDE75FF49199CF149
SHA1: 4387A7BDDB53000ED7E044A69788ED74FB1E3C64
Description: The JaCoCo Maven Plugin provides the JaCoCo runtime agent to your tests and allows basic report creation.
File Path: C:\Users\Jeremy\.m2\repository\org\jacoco\jacoco-maven-plugin\0.7.2.201409121644\jacoco-maven-plugin-0.7.2.201409121644.jar
MD5: D635CCC7210A98E976F7E65CFD1A1E57
SHA1: B2CB310459D082DB505FDFA66DBADD4D8BAC8E34
File Path: C:\Users\Jeremy\.m2\repository\org\jacoco\org.jacoco.agent\0.7.2.201409121644\org.jacoco.agent-0.7.2.201409121644-runtime.jar
MD5: 187311ABC55E0EAA5D1E62FC98EA6270
SHA1: 2A10D827753BC54F57108DCF320FA89DA0DE0C44
Description: JaCoCo Java Agent
File Path: C:\Users\Jeremy\.m2\repository\org\jacoco\org.jacoco.agent\0.7.2.201409121644\org.jacoco.agent-0.7.2.201409121644-runtime.jar\META-INF/maven/org.jacoco/org.jacoco.agent.rt/pom.xml
MD5: A718A89D7B6D065FEA465491DD211060
SHA1: 76D70BA5114F1E5A1CC48368A338166D77614F5A
Description: JaCoCo Core
File Path: C:\Users\Jeremy\.m2\repository\org\jacoco\org.jacoco.core\0.7.2.201409121644\org.jacoco.core-0.7.2.201409121644.jar
MD5: 83307B8CC646DB3C1BDD086B2D08DFFC
SHA1: 97747868597AF2C595A5CC4B34B95A689EF2D6C3
Description: JaCoCo Reporting
File Path: C:\Users\Jeremy\.m2\repository\org\jacoco\org.jacoco.report\0.7.2.201409121644\org.jacoco.report-0.7.2.201409121644.jar
MD5: 80DD719A6A05220FD7901FC905ECC127
SHA1: 61F0DEDFB1D190BBEDFE2133EF188797A36473E5
Description:
JDOM is, quite simply, a Java representation of an XML document. JDOM provides a way to represent that document for
easy and efficient reading, manipulation, and writing. It has a straightforward API, is a lightweight and fast, and
is optimized for the Java programmer. It's an alternative to DOM and SAX, although it integrates well with both DOM
and SAX.
File Path: C:\Users\Jeremy\.m2\repository\org\jdom\jdom\1.1\jdom-1.1.jar
MD5: ADF67FC5DCF48E1593640AD7E02F6AD4
SHA1: 1D04C0F321EA337F3661CF7EDE8F4C6F653A8FDD
Description: Eclipse org.eclipse.core.resources project
License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\jibx\config\3rdparty\org\eclipse\org.eclipse.core.resources\3.7.100.v20110510-0712\org.eclipse.core.resources-3.7.100.v20110510-0712.jar
File Path: C:\Users\Jeremy\.m2\repository\org\jibx\config\3rdparty\org\eclipse\org.eclipse.core.resources\3.7.100.v20110510-0712\org.eclipse.core.resources-3.7.100.v20110510-0712.jar\ant_tasks\resources-ant.jar
MD5: 88DBE16FD892C5283E5CDE87A39E4FAA
SHA1: D1DD9AE4A7ECE17B230878726278A72BA0B2412D
Description: Eclipse org.eclipse.core.runtime project
License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\jibx\config\3rdparty\org\eclipse\org.eclipse.core.runtime\3.7.0.v20110110\org.eclipse.core.runtime-3.7.0.v20110110.jar
Description: Eclipse org.eclipse.equinox.common project
License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\jibx\config\3rdparty\org\eclipse\org.eclipse.equinox.common\3.6.0.v20110523\org.eclipse.equinox.common-3.6.0.v20110523.jar
Description: Eclipse org.eclipse.text project
License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\jibx\config\3rdparty\org\eclipse\org.eclipse.text\3.5.100.v20110505-0800\org.eclipse.text-3.5.100.v20110505-0800.jar
Description:
JSON (JavaScript Object Notation) is a lightweight data-interchange format.
It is easy for humans to read and write. It is easy for machines to parse and generate.
It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition
- December 1999. JSON is a text format that is completely language independent but uses
conventions that are familiar to programmers of the C-family of languages, including C, C++, C#,
Java, JavaScript, Perl, Python, and many others.
These properties make JSON an ideal data-interchange language.
License:
provided without support or warranty: http://www.json.org/license.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\json\json\20090211\json-20090211.jar
Description: jsoup HTML parser
License:
The MIT License: http://jsoup.com/licenseFile Path: C:\Users\Jeremy\.m2\repository\org\jsoup\jsoup\1.7.2\jsoup-1.7.2.jar
Description: Jetty server core
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.phpFile Path: C:\Users\Jeremy\.m2\repository\org\mortbay\jetty\jetty\6.1.25\jetty-6.1.25.jar
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-310 Cryptographic Issues
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
Vulnerable Software & Versions: (show all)
Description: Servlet Specification API
License:
http://www.apache.org/licenses/LICENSE-2.0File Path: C:\Users\Jeremy\.m2\repository\org\mortbay\jetty\servlet-api\2.5-20081211\servlet-api-2.5-20081211.jar
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Vulnerable Software & Versions:
Description: Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users.
License:
Mozilla Public License, Version 2.0: http://www.mozilla.org/MPL/2.0/index.txtFile Path: C:\Users\Jeremy\.m2\repository\org\mozilla\rhino\1.7R4\rhino-1.7R4.jar
File Path: C:\Users\Jeremy\.m2\repository\org\netbeans\lib\cvsclient\20060125\cvsclient-20060125.jar
MD5: D37C0E11F9B2D3FDDE5A999BA9418ABB
SHA1: CC80BD0085C79BE7ED332CBDC1DB77498BFF1FDA
File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-all\4.0\asm-all-4.0.jar
MD5: 5B47D1BC9BDFE9ACDBD1109960E3284B
SHA1: 2518725354C7A6A491A323249B9E86846B00DF09
File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-analysis\4.1\asm-analysis-4.1.jar
MD5: 3D381440395AE8C4B25D759C286E5743
SHA1: 73401033069E4714F57B60AEAE02F97210AAA64E
File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-debug-all\5.0.2\asm-debug-all-5.0.2.jar
MD5: 2C7F3426D91C6E2008542F86E52C5D26
SHA1: 5742EAA4EB2F0583B642EB2A2A7597C996139103
File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-tree\4.1\asm-tree-4.1.jar
MD5: 84B820D478240EDAD27F2B3D3AF229C6
SHA1: 51085ABCC4CB6C6E1CB5551E6F999EB8E31C5B2D
File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-util\4.1\asm-util-4.1.jar
MD5: 552C18B83A11DC7EC246E4762E6F1F84
SHA1: 6344065CB0F94E2B930A95E6656E040EBC11DF08
File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm\5.0.3\asm-5.0.3.jar
MD5: CCEBEE99FB8CDD50E1967680A2EAC0BA
SHA1: DCC2193DB20E19E1FECA8B1240DBBC4E190824FA
Description: Elegant parsing in Java and Scala - lightweight, easy-to-use, powerful
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\parboiled\parboiled-core\1.1.4\parboiled-core-1.1.4.jar
Description: Elegant parsing in Java and Scala - lightweight, easy-to-use, powerful
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\parboiled\parboiled-java\1.1.4\parboiled-java-1.1.4.jar
Description: A Java 1.5+ library providing a clean and lightweight markdown processor
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\pegdown\pegdown\1.2.1\pegdown-1.2.1.jar
Description: Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!
License:
The MIT License: http://projectlombok.org/LICENSEFile Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.14.8\lombok-1.14.8.jar
File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.14.8\lombok-1.14.8.jar\lombok\installer\WindowsDriveInfo-i386.dll
MD5: C4D7064E400A22CC9A59D2D97382B5B8
SHA1: 63AC163436B8400DCC25F7D13E7A86313FD28A98
File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.14.8\lombok-1.14.8.jar\lombok\installer\WindowsDriveInfo-x86_64.dll
MD5: CDF042A66F9681F362C365131E3C38DD
SHA1: A4598A189D82AE291FAEAD4C0EEC6ABF22B256BE
Description: JCL 1.1.1 implemented over SLF4J
File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\jcl-over-slf4j\1.7.5\jcl-over-slf4j-1.7.5.jar
MD5: 4DDE0990B45D1BBBA6EE141DA8FA9C25
SHA1: 0CD5970BD13FA85F7BED41CA606D6DAF7CBF1365
Description: The slf4j API
File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\slf4j-api\1.7.6\slf4j-api-1.7.6.jar
MD5: C802B9AD760BC9C605F01FEE07F2CCC5
SHA1: 562424E36DF3D2327E8E9301A76027FCA17D54EA
Description:
The slf4j JDK14 binding
File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\slf4j-jdk14\1.5.6\slf4j-jdk14-1.5.6.jar
MD5: BCA9B637BC7D0F99CD1F3DC16CB91039
SHA1: CC383FBD07DD1826BBCBA1B907BBDC0B5BE627F1
Description:
The slf4j log4j-12 binding
File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\slf4j-log4j12\1.5.10\slf4j-log4j12-1.5.10.jar
MD5: 352E66E47739F692221C4717353B939E
SHA1: 08274ABBF7065CA15CF877D199A8BF75DBA87F36
Description:
The slf4j NOP binding
File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\slf4j-nop\1.5.3\slf4j-nop-1.5.3.jar
MD5: 16DACC0AB89858EFAFE1CB535D96B682
SHA1: 36A3C886235CDDD05E55A979CEF549196740231A
Description:
A collection of utility classes to ease usage of the repository system.
File Path: C:\Users\Jeremy\.m2\repository\org\sonatype\aether\aether-util\1.7\aether-util-1.7.jar
MD5: DF02504FDF485555FC8BEC459325D4BA
SHA1: 38485C9C086C3C867C2DD5371909337BD056C492
Description:
Gossip is a plugin for SLF4j which has simple and flexible configuration.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\sonatype\gossip\gossip\1.2\gossip-1.2.jar
File Path: C:\Users\Jeremy\.m2\repository\org\sonatype\gshell\gshell-io\2.4\gshell-io-2.4.jar
MD5: AAAB1D8CBD3887A1F5BC602866AD0606
SHA1: 5AFE3385CAB1926CCB38039A2B12E06C658BCBE4
File Path: C:\Users\Jeremy\.m2\repository\org\sonatype\plexus\plexus-build-api\0.0.7\plexus-build-api-0.0.7.jar
MD5: 49F0F8C6BDF2687E358870A4FC1559C6
SHA1: E6BA5CD4BFD8DE00235AF936E7F63EB24ED436E6
File Path: C:\Users\Jeremy\.m2\repository\org\sonatype\plexus\plexus-cipher\1.4\plexus-cipher-1.4.jar
MD5: 7B2D6FCF0D5800D5B1CE09D98D98DCAF
SHA1: 50ADE46F23BB38CD984B4EC560C46223432AAC38
File Path: C:\Users\Jeremy\.m2\repository\org\sonatype\plexus\plexus-sec-dispatcher\1.4\plexus-sec-dispatcher-1.4.jar
MD5: 0A46E5BC9BC2FBD3B68091066AFF2737
SHA1: 43FDE524E9B94C883727A9FDDB8669181B890EA7
Description: Patched build of Guice: a lightweight dependency injection framework for Java 5 and above
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\sonatype\sisu\sisu-guice\3.1.0\sisu-guice-3.1.0-no_aop.jar
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-352
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
File Path: C:\Users\Jeremy\.m2\repository\org\sonatype\spice\model-builder\1.3\model-builder-1.3.jar
MD5: C054D2FA25D462F85DC202317A114224
SHA1: 37534174C8E7332D2FDA4012521ECECE84EC4149
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\springframework\spring-core\3.1.3.RELEASE\spring-core-3.1.3.RELEASE.jar
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-352
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
Description: A pure Java library for managing SQLite databases
File Path: C:\Users\Jeremy\.m2\repository\org\tmatesoft\sqljet\sqljet\1.0.4\sqljet-1.0.4.jar
MD5: 726FDD388C29AB55F8D06ADA70E7CA28
SHA1: E887BD8E02033AFEC7E2C618E44387D84116FD5C
Description: A pure Java Subversion library, formerly known as JavaSVN
File Path: C:\Users\Jeremy\.m2\repository\org\tmatesoft\svnkit\svnkit\1.3.5\svnkit-1.3.5.jar
MD5: 7682049ADB3C45416AB950EE0DFB51F2
SHA1: 72AC6E6FB1ADC25BB8AF80F26C309C413453E423
File Path: C:\Users\Jeremy\.m2\repository\org\tmatesoft\svnkit\svnkit\1.3.5\svnkit-1.3.5.jar\org\tmatesoft\svn\core\io\repository\template.jar
MD5: 7C709F1F7BC761EF0A10B0D51C0CFB7C
SHA1: 2B270A4F68980879CB48D0298CE543067821F390
Description: A pure Java implementation of the SSH-2 protocol, a successor to Ganymed
File Path: C:\Users\Jeremy\.m2\repository\org\tmatesoft\svnkit\trilead-ssh2\build213-svnkit-1.3-patch\trilead-ssh2-build213-svnkit-1.3-patch.jar
MD5: 424F4FEA00195405C6870D58659546B9
SHA1: 68B82D7246FD90E0FC70BB9C8F10611489BF371A
Description: XZ data compression
License:
Public DomainFile Path: C:\Users\Jeremy\.m2\repository\org\tukaani\xz\1.0\xz-1.0.jar
File Path: C:\Users\Jeremy\.m2\repository\oro\oro\2.0.8\oro-2.0.8.jar
MD5: 42E940D5D2D822F4DC04C65053E630AB
SHA1: 5592374F834645C4AE250F4C9FBB314C9369D698
Description:
git-commit-id-plugin is a plugin quite similar to
https://fisheye.codehaus.org/browse/mojo/tags/buildnumber-maven-plugin-1.0-beta-4 for example but as buildnumber at
the time when I started this plugin only supported CVS and SVN, something had to be done.
This plugin makes basic repository information available through maven resources. This can be used to display
"what version is this?" or "who has deployed this and when, from which branch?" information at runtime - making
it easy to find things like "oh, that isn't deployed yet, I'll test it tomorrow" and making both testers and
developers life easier.
The data currently exported is like this (that's the end effect from the GitRepositoryState Bean):
{
"branch" : "testing-maven-git-plugin",
"commitTime" : "06.01.1970 @ 16:16:26 CET",
"commitId" : "787e39f61f99110e74deed68ab9093088d64b969",
"commitUserName" : "Konrad Malawski",
"commitUserEmail" : "konrad.malawski@java.pl",
"commitMessageFull" : "releasing my fun plugin :-) + fixed some typos + cleaned up directory structure + added
license etc",
"commitMessageShort" : "releasing my fun plugin :-)",
"buildTime" : "06.01.1970 @ 16:17:53 CET",
"buildUserName" : "Konrad Malawski",
"buildUserEmail" : "konrad.malawski@java.pl"
}
Note that the data is exported via maven resource filtering and is really easy to use with spring -
which I've explained in detail in this readme https://github.com/ktoso/maven-git-commit-id-plugin
License:
GNU Lesser General Public License 3.0: http://www.gnu.org/licenses/lgpl-3.0.txtFile Path: C:\Users\Jeremy\.m2\repository\pl\project13\maven\git-commit-id-plugin\2.1.12\git-commit-id-plugin-2.1.12.jar
Severity:
High
CVSS Score: 7.5
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.
Vulnerable Software & Versions: (show all)
File Path: C:\Users\Jeremy\.m2\repository\plexus\plexus-utils\1.0.2\plexus-utils-1.0.2.jar
MD5: 1F23429A787DDA24B8A899CF8A27E667
SHA1: DC78334CCDD2FD86580E9EAF0C32A7DB3369BB3B
File Path: C:\Users\Jeremy\.m2\repository\regexp\regexp\1.3\regexp-1.3.jar
MD5: 6DCDC325850E40B843CAC2A25FB2121E
SHA1: 973DF2B78B67BCD3144C3DBBB88DA691065A3F8D
Description: Rhino: JavaScript for Java
License:
Mozilla Public License version 1.1: http://www.mozilla.org/MPL/MPL-1.1.htmlFile Path: C:\Users\Jeremy\.m2\repository\rhino\js\1.6R7\js-1.6R7.jar
File Path: C:\Users\Jeremy\.m2\repository\sslext\sslext\1.2-0\sslext-1.2-0.jar
MD5: FDA7F2A2F7AC9B017A5DE1A4742753FD
SHA1: C86A7DB4AC0BC450E675F3D44B3D64CDC934361B
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-20 Improper Input Validation
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.8
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
Vulnerable Software & Versions:
Description: StAX API is the standard java XML processing API defined by JSR-173
File Path: C:\Users\Jeremy\.m2\repository\stax\stax-api\1.0.1\stax-api-1.0.1.jar
MD5: 7D436A53C64490BEE564C576BABB36B4
SHA1: 49C100CAF72D658ACA8E58BD74A4BA90FA2B0D70
File Path: C:\Users\Jeremy\.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.jar
MD5: A018D032C21A873225E702B36B171A10
SHA1: A33C0097F1C70B20FA7DED220EA317EB3500515E
Description:
Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.
The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.
Xerces2 is a fully conforming XML Schema 1.0 processor. A partial experimental implementation of the XML Schema 1.1 Structures and Datatypes Working Drafts (December 2009) and an experimental implementation of the XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010) are provided for evaluation. For more information, refer to the XML Schema page.
Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.
Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\xerces\xercesImpl\2.11.0\xercesImpl-2.11.0.jar
Description: xml-commons provides an Apache-hosted set of DOM, SAX, and
JAXP interfaces for use in other xml-based projects. Our hope is that we
can standardize on both a common version and packaging scheme for these
critical XML standards interfaces to make the lives of both our developers
and users easier. The External Components portion of xml-commons contains
interfaces that are defined by external standards organizations. For DOM,
that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for
JAXP it's Sun.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\xml-apis\xml-apis\1.0.b2\xml-apis-1.0.b2.jar
File Path: C:\Users\Jeremy\.m2\repository\xmlpull\xmlpull\1.1.3.1\xmlpull-1.1.3.1.jar
MD5: CC57DACC720ECA721A50E78934B822D2
SHA1: 2B8E230D2AB644E4ECAA94DB7CDEDBC40C805DFA
Description: XMLUnit compares a control XML document to a test document or the result of a transformation, validates documents, and compares the results of XPath expressions.
File Path: C:\Users\Jeremy\.m2\repository\xmlunit\xmlunit\1.5\xmlunit-1.5.jar
MD5: 99F2EB164A7609DA9A77975843B09405
SHA1: 7789CEF5CAFFDECAB50FD6099535AD2BC2E98044
Description: MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+.
File Path: C:\Users\Jeremy\.m2\repository\xpp3\xpp3_min\1.1.4c\xpp3_min-1.1.4c.jar
MD5: DCD95BCB84B09897B2B66D4684C040DA
SHA1: 19D4E90B43059058F6E056F794F0EA4030D60B86